Medium Severity

Security Bulletin: Python as used by IBM QRadar Network Packet Capture is vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers (CVE-2019-9947, CVE-2019-9948)

The software receives data from an upstream component, but does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers.
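The weakness class described above, shown as an added illustration (not code from IBM or from the source bulletin): a header serializer that copies upstream data unchanged, next to one that rejects CR, LF and NUL before anything is written. The function names and the sample input are constructed for this example.

```python
import re

# RFC 7230 "token" characters permitted in a header field name.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# CR, LF and NUL must never appear inside a header field value.
_FORBIDDEN = re.compile(r"[\r\n\x00]")


class HeaderInjectionError(ValueError):
    """Raised when upstream data would alter the header block structure."""


def serialize_naive(headers):
    """Weak form: upstream values are copied into the header block as-is."""
    return "".join(f"{name}: {value}\r\n" for name, value in headers) + "\r\n"


def serialize_checked(headers):
    """Hardened form: refuse any name or value that could end a header line."""
    lines = []
    for name, value in headers:
        # fullmatch, not match with "$": "$" would accept a trailing newline.
        if not _TOKEN.fullmatch(name):
            raise HeaderInjectionError(f"invalid header name: {name!r}")
        if _FORBIDDEN.search(value):
            raise HeaderInjectionError(f"control character in {name} value")
        clean = value.strip(" \t")  # optional whitespace carries no meaning
        lines.append(f"{name}: {clean}\r\n")
    return "".join(lines) + "\r\n"


def header_lines(block):
    """Split a serialized block the way a receiving parser would see it."""
    return [line for line in block.split("\r\n") if line]


# Constructed sample: one logical header whose value embeds a CRLF pair.
CONSTRUCTED_INPUT = [("Accept-Language", "en\r\nX-Injected: 1")]

if __name__ == "__main__":
    print(header_lines(serialize_naive(CONSTRUCTED_INPUT)))
    try:
        serialize_checked(CONSTRUCTED_INPUT)
    except HeaderInjectionError as exc:
        print("rejected:", exc)
```

Rejecting the value outright, rather than stripping the characters, keeps a malformed upstream input visible in logs instead of silently forwarding a rewritten header.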

Affected product(s) and affected version(s):

IBM QRadar Network Packet Capture 7.3.0 – 7.3.2 Patch 2

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/1115655
