IBM Support

Security Bulletin: Dom4j as used by IBM QRadar SIEM contains multiple vulnerabilities (CVE-2018-1000632, CVE-2020-10683)

Security Bulletin


Summary

Dom4j as used by IBM QRadar SIEM contains multiple vulnerabilities

Vulnerability Details

CVEID:   CVE-2018-1000632
DESCRIPTION:   dom4j could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation in multiple methods. By sending a specially-crafted XML content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/148750 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID:   CVE-2020-10683
DESCRIPTION:   dom4j could allow a remote authenticated attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data. By sending specially crafted XML data, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181356 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

7.3

All WindowsDHCPProtocol versions before 7.3.0-QRADAR-PROTOCOL-WindowsDHCPProtocol-7.3-20201007124637

All SmbTailProtocol versions before 7.3.0-QRADAR-PROTOCOL-SmbTailProtocol-7.3-20201007124637

All OracleDatabaseListener versions before 7.3.0-QRADAR-PROTOCOL-OracleDatabaseListener-7.3-20201007124637

All WindowsExchangeProtocol versions before 7.3.0-QRADAR-PROTOCOL-WindowsExchangeProtocol-7.3-20201007124637

All WindowsIISProtocol versions before 7.3.0-QRADAR-PROTOCOL-WindowsIISProtocol-7.3-20201007124637

All EMCVMWareProtocol versions before 7.3.0-QRADAR-PROTOCOL-EMCVMWareProtocol-7.3-20200916171440

 

7.4

All WindowsDHCPProtocol versions before 7.4.0-QRADAR-PROTOCOL-WindowsDHCPProtocol-7.4-20201007123631

All SmbTailProtocol versions before 7.4.0-QRADAR-PROTOCOL-SmbTailProtocol-7.4-20201007123631

All OracleDatabaseListener versions before 7.4.0-QRADAR-PROTOCOL-OracleDatabaseListener-7.4-2020100712363

All WindowsExchangeProtocol versions before 7.4.0-QRADAR-PROTOCOL-WindowsExchangeProtocol-7.4-2020100712363

All WindowsIISProtocol versions before 7.4.0-QRADAR-PROTOCOL-WindowsIISProtocol-7.4-20201007123631

All EMCVMWareProtocol versions before 7.4.0-QRADAR-PROTOCOL-EMCVMWareProtocol-7.4-20200916171516

Remediation/Fixes

7.3

7.3.0-QRADAR-PROTOCOL-WindowsDHCPProtocol-7.3-20201007124637

7.3.0-QRADAR-PROTOCOL-SmbTailProtocol-7.3-20201007124637

7.3.0-QRADAR-PROTOCOL-OracleDatabaseListener-7.3-20201007124637

7.3.0-QRADAR-PROTOCOL-WindowsExchangeProtocol-7.3-20201007124637

7.3.0-QRADAR-PROTOCOL-WindowsIISProtocol-7.3-20201007124637

7.3.0-QRADAR-PROTOCOL-EMCVMWareProtocol-7.3-20200916171440

 

7.4

7.4.0-QRADAR-PROTOCOL-WindowsDHCPProtocol-7.4-20201007123631

7.4.0-QRADAR-PROTOCOL-SmbTailProtocol-7.4-20201007123631

7.4.0-QRADAR-PROTOCOL-OracleDatabaseListener-7.4-2020100712363

7.4.0-QRADAR-PROTOCOL-WindowsExchangeProtocol-7.4-2020100712363

7.4.0-QRADAR-PROTOCOL-WindowsIISProtocol-7.4-20201007123631

7.4.0-QRADAR-PROTOCOL-EMCVMWareProtocol-7.4-20200916171516

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Off

Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

These files were released as part of the 21 October 2020 auto update bundle. Administrators can confirm the protocol version installed on the Console from the Auto Update interface on the Admin tab or using yum info Protocol-WindowsDHCPProtocol from the command-line interface to confirm the latest version is installed. 

For example:


[root@examplehost]# yum info Protocol-WindowsDHCPProtocol
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
Installed Packages
Name        : PROTOCOL-WindowsDHCPProtocol
Arch        : noarch
Version     : 7.3
Release     : 20161017144311
Size        : 169 k
Repo        : installed
Summary     : PROTOCOL Windows DHCP Protocol Install
License     : Proprietary.
Description : This program installs a Windows DHCP Protocol PROTOCOL plugin.

 

Acknowledgement

Change History

28 Oct 2020: Initial Publication

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Document Location

Worldwide

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Component":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.3, 7.4","Edition":"All Editions","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
28 October 2020

Initial Publish date:
28 October 2020

UID

ibm16356447

Page Feedback