IBM Support

IV89173: QVM CIDR DATA ENTRY VALIDATION FOR SCANNERS DOES NOT WORK AS EXPECTED

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • The QRadar User Interface allows the 'Save' option when adding
    a duplicate CIDR list in the Vulnerabilities tab,
    Administrative, Select Scanners area.
    When the 'Save' is performed, no CIDR list is populated in the
    empty table and no error message appears in the UI.
    Data validation should prevent this from occurring and will be
    corrected in a future patch release.
    
    Steps that duplicate this behavior in the UI:
    Select the Vulnerabilities tab
    Select Administrative
    Select Scanners
    Double click a scanner in the list and insert a duplicate list
    into the empty CIDR List field.
    
    Messages similar to the following might be visible in
    /var/log/qradar.error when this issue is occurring:
    [tomcat] [admin@127.0.0.1 (3380)
    /console/JSON-RPC/QVM.saveScannerCidrList
    QVM.saveScannerCidrList]
    com.q1labs.core.ui.servlet.RemoteJavaScript: [ERROR]
    [NOT:0000003000][127.0.0.1/- -] [-/- -]An exception occurred
    while executing the remote method 'saveScannerCidrList'
    [tomcat] [admin@127.0.0.1 (3380)
    /console/JSON-RPC/QVM.saveScannerCidrList
    QVM.saveScannerCidrList]
    org.springframework.dao.DuplicateKeyException:
    StatementCallback; SQL [SELECT * FROM
    q1_save_cidrlist_for_scanner(1'<CIDR_List>)]; ERROR: duplicate
    key value violates unique constraint "unique_stealth_cidr"
    [tomcat] [admin@127.0.0.1 (3380)
    /console/JSON-RPC/QVM.saveScannerCidrList
    QVM.saveScannerCidrList] at
    org.springframework.jdbc.support.SQLErrorCodeSQLExceptionTransla
    tor.doTranslate(SQLErrorCodeSQLExceptionTranslator.java:245)
    [tomcat] [admin@127.0.0.1 (3380)
    /console/JSON-RPC/QVM.saveScannerCidrList
    QVM.saveScannerCidrList] at
    org.springframework.jdbc.support.AbstractFallbackSQLExceptionTra
    nslator.translate(AbstractFallbackSQLExceptionTranslator.java:72
    )
    [tomcat] [admin@127.0.0.1 (3380)
    /console/JSON-RPC/QVM.saveScannerCidrList
    QVM.saveScannerCidrList] at
    org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.
    java:407)
    [tomcat] [admin@127.0.0.1 (3380)
    /console/JSON-RPC/QVM.saveScannerCidrList
    QVM.saveScannerCidrList] at
    org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.ja
    va:456)
    [tomcat] [admin@127.0.0.1 (3380)
    /console/JSON-RPC/QVM.saveScannerCidrList
    QVM.saveScannerCidrList] at
    org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.ja
    va:464)
    [tomcat] [admin@127.0.0.1 (3380)
    /console/JSON-RPC/QVM.saveScannerCidrList
    QVM.saveScannerCidrList] at
    org.springframework.jdbc.core.JdbcTemplate.queryForObject(JdbcTe
    mplate.java:472)
    [tomcat] [admin@127.0.0.1 (3380)
    /console/JSON-RPC/QVM.saveScannerCidrList
    QVM.saveScannerCidrList] at
    org.springframework.jdbc.core.JdbcTemplate.queryForObject(JdbcTe
    mplate.java:477)
    [tomcat] [admin@127.0.0.1 (3380)
    /console/JSON-RPC/QVM.saveScannerCidrList
    QVM.saveScannerCidrList] at
    com.q1labs.qvm.workflow.processor.dao.scanprofile.ScannerDAO.sav
    eSannerCidrList(ScannerDAO.java:234)
    [tomcat] [admin@127.0.0.1 (3380)
    /console/JSON-RPC/QVM.saveScannerCidrList
    QVM.saveScannerCidrList] at
    com.q1labs.qvm.workflow.processor.ws.scanneradmin.ScannerAdminSe
    rviceImpl.saveScannerCidrList(ScannerAdminServiceImpl.java:81)
    more...
    [tomcat] [admin@127.0.0.1 (3380)
    /console/JSON-RPC/QVM.saveScannerCidrList
    QVM.saveScannerCidrList] Caused by:
    [tomcat] [admin@127.0.0.1 (3380)
    /console/JSON-RPC/QVM.saveScannerCidrList
    QVM.saveScannerCidrList] org.postgresql.util.PSQLException:
    ERROR: duplicate key value violates unique constraint
    "unique_stealth_cidr"
    [tomcat] [admin@127.0.0.1 (3380)
    /console/JSON-RPC/QVM.saveScannerCidrList
    QVM.saveScannerCidrList] at
    org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(Qu
    eryExecutorImpl.java:2157)
    [tomcat] [admin@127.0.0.1 (3380)
    /console/JSON-RPC/QVM.saveScannerCidrList
    QVM.saveScannerCidrList] at
    org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExe
    cutorImpl.java:1886)
    [tomcat] [admin@127.0.0.1 (3380)
    /console/JSON-RPC/QVM.saveScannerCidrList
    QVM.saveScannerCidrList] at
    org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorIm
    pl.java:255)
    [tomcat] [admin@127.0.0.1 (3380)
    /console/JSON-RPC/QVM.saveScannerCidrList
    QVM.saveScannerCidrList] at
    org.postgresql.jdbc2.AbstractJdbc2Statement.execute(AbstractJdbc
    2Statement.java:555)
    [tomcat] [admin@127.0.0.1 (3380)
    /console/JSON-RPC/QVM.saveScannerCidrList
    QVM.saveScannerCidrList] at
    org.postgresql.jdbc2.AbstractJdbc2Statement.executeWithFlags(Abs
    tractJdbc2Statement.java:403)
    [tomcat] [admin@127.0.0.1 (3380)
    /console/JSON-RPC/QVM.saveScannerCidrList
    QVM.saveScannerCidrList] at
    org.postgresql.jdbc2.AbstractJdbc2Statement.executeQuery(Abstrac
    tJdbc2Statement.java:283)
    [tomcat] [admin@127.0.0.1 (3380)
    /console/JSON-RPC/QVM.saveScannerCidrList
    QVM.saveScannerCidrList] at
    com.mchange.v2.c3p0.impl.NewProxyStatement.executeQuery(NewProxy
    Statement.java:35)
    [tomcat] [admin@127.0.0.1 (3380)
    /console/JSON-RPC/QVM.saveScannerCidrList
    QVM.saveScannerCidrList] at
    org.springframework.jdbc.core.JdbcTemplate$1QueryStatementCallba
    ck.doInStatement(JdbcTemplate.java:441)
    [tomcat] [admin@127.0.0.1 (3380)
    /console/JSON-RPC/QVM.saveScannerCidrList
    QVM.saveScannerCidrList] at
    org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.
    java:396)
    

Local fix

  • Do not have duplicate CIDRs in the scanners list.
    

Problem summary

  • This issue was resolved with QRadar/QRM/QVM/QRIF 7.2.8 Patch 4
    

Problem conclusion

  • This issue was resolved with QRadar/QRM/QVM/QRIF 7.2.8 Patch 4
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV89173

  • Reported component name

    QR VULNERABILIT

  • Reported component ID

    5725QVMSW

  • Reported release

    726

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2016-09-15

  • Closed date

    2017-05-05

  • Last modified date

    2017-05-05

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    QR VULNERABILIT

  • Fixed component ID

    5725QVMSW

Applicable component levels

  • R728 PSY

       UP

[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSHLPS","label":"IBM Security QRadar Vulnerability Manager"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"726","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
05 May 2017