Medium Severity

Security Bulletin: IBM QRadar SIEM is vulnerable to Jetty Vulnerabilities (CVE-2017-7656, CVE-2017-7657, CVE-2017-7658, CVE-2018-12536)

IBM QRadar SIEM is vulnerable to Jetty Vulnerabilities

Affected product(s) and affected version(s):

· IBM QRadar 7.2.0 to 7.2.8 Patch 16

· IBM QRadar 7.3.0 to 7.3.2 Patch 4

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/1103493

More stories

Security Bulletin: Man in the middle vulnerability in Liberty for Java for IBM Cloud (CVE-2014-3603)

Dec 11, 2019 7:00 pm EST | Medium Severity

CVEID: CVE-2014-3603

DESCRIPTION: The (1) HttpResource and (2) FileBackedHttpResource implementations in Shibboleth Identity Provider (IdP) before 2.4.1 and OpenSAML Java 2.6.2 do not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CVSS Base score: 6.5

CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/164271 for the current score.

CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)


Security Bulletin: One vulnerability of Mozilla Firefox (less than Firefox 60.7.2 ESR) has affected Synthetic Playback Agent 8.1.4.0 – 8.1.4 IF07

Dec 11, 2019 7:00 pm EST | Medium Severity

CVEID: CVE-2019-11708

DESCRIPTION: Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed parent process opening web content chosen by a compromised child process. When combined with additional vulnerabilities this could result in executing arbitrary code on the user's computer. This vulnerability affects Firefox ESR < 60.7.2, Firefox < 67.0.4, and Thunderbird < 60.7.2.

CVSS Base score: 6.3

CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/162774 for the current score.

CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)


Security Bulletin: One vulnerability of Mozilla Firefox (less than Firefox 60.7.1 ESR) has affected Synthetic Playback Agent 8.1.4.0 – 8.1.4 IF07

Dec 11, 2019 7:00 pm EST | Medium Severity

CVEID: CVE-2019-11707

DESCRIPTION: A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.

CVSS Base score: 6.5

CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/162711 for the current score.

CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)