Critical Severity

Security Bulletin: IBM QRadar Azure marketplace images include Open Management Infrastructure RPM, which is vulnerable to Remote Code Execution (CVE-2021-38647)

IBM QRadar Azure marketplace images include the Open Management Infrastructure RPM, which is vulnerable to CVE-2021-38647. Although we do not expose the affected port, we suggest updating out of an abundance of caution.

CVE(s): CVE-2021-38647

Affected product(s) and affected version(s):

IBM QRadar 7.3.0 to 7.3.3 Patch 9

IBM QRadar 7.4.0 to 7.4.3 Patch 2

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6491159
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/208548
