
Security Bulletin: SQL Injection and Incorrect Handling of SSH Connection vulnerability in QRadar (CVE-2014-4824, CVE-2014-4826)



Summary

IBM QRadar 7.2 MR2 contains SQL Injection and Incorrect Handling of SSH Connection vulnerabilities.

Vulnerability Details


CVE ID: CVE-2014-4824

DESCRIPTION: IBM QRadar is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

The attack requires authentication, but not local network access or specialized knowledge and techniques. An exploit could affect the integrity of data, confidentiality of information, and the availability of the system.


CVSS:
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/95574 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVE ID: CVE-2014-4826

DESCRIPTION: IBM QRadar is vulnerable due to incorrect handling of SSH connections. A remote attacker could exploit this vulnerability by capturing network traffic to obtain plain-text credentials and other sensitive information.

The attack does not require local network access or authentication, but some specialized knowledge and techniques are required. An exploit would not affect the integrity of data or availability of the system, but it could impact the confidentiality of information.


CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/95576 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Affected Products and Versions

IBM QRadar 7.2 MR2

Remediation/Fixes


NOTE: For the SSH connection vulnerability, see the Create Scan Profiles section of the IBM QRadar Admin Guide for 7.2 MR3 for help on how to configure SSH keys for scanner profiles.

Workarounds and Mitigations

None


References


*The CVSS Environmental Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the References section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.


Document Information

Modified date: 16 June 2018

UID: swg21684448