Critical Severity

Security Bulletin: IBM QRadar Network Packet Capture includes multiple vulnerable components.

Share this post:

The product includes multiple vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM has addressed the relevant CVEs.

CVE(s): CVE-2018-25032, CVE-2021-4083, CVE-2022-0778, CVE-2021-45960, CVE-2021-46143, CVE-2022-22822, CVE-2022-22823, CVE-2022-22824, CVE-2022-22825, CVE-2022-22826, CVE-2022-22827, CVE-2022-23852, CVE-2022-25235, CVE-2022-25236, CVE-2022-25315

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM QRadar Network Packet Capture v7.3 7.3 – 7.3.3 Patch 10
IBM QRadar Network Packet Capture v7.4 7.4 – 7.4.3 Patch 4
IBM QRadar Network Packet Capture v7.5 7.5 – 7.5.0 Update Package 1

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6601293
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/222615
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216849
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/221911
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216473
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216875
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216908
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216907
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216906
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216905
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216904
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216901
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/218007
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/219782
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/219784
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/219945

More stories

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Golang Go, libxml2, curl, expat, libgcrypt and IBM WebSphere Application Server Liberty

August 9, 2022 | Critical Severity

Multiple issues were identified in Red Hat UBI(ubi8/ubi-minimal) v8.6-x packages [Golang Go, libxml2, curl, expat ,libgcrypt and IBM WebSphere Application Server Liberty] that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. ...read more


Security Bulletin: Vulnerabilities in Spring Framework affect IBM Cloud Pak System (CVE-2022-22965, CVE-2020-5421)

August 8, 2022 | Critical Severity

IBM Cloud Pak System is affected by a remote code execution in Spring Framework (CVE-2022-22965 and CVE-2020-5421). IBM Cloud Pak System ships with AWS component that includes it but is not used by it. The fix removes Spring from the product. This security bulletin service applies to IBM Cloud Pak System, BM Cloud Pak System Software and BM Cloud Pak System Software Suite. ...read more


Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to arbitrary code execution in MS Visual Studio (CVE-2022-24765).

August 4, 2022 | Critical Severity

IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to vulnerable to arbitrary code execution in MS Visual Studio, caused by an uncontrolled search for the Git directory in Git (CVE-2022-24765). Git for Visual Studio is used in the base operating system of IBM Watson Speech. Please read the details for remediation below. ...read more