IBM Support

Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Security Bulletin


Summary

The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools.

Vulnerability Details

CVEID:   CVE-2020-7226
DESCRIPTION:   Cryptacular is vulnerable to a denial of service, caused by an excessive memory allocation during a decode operation in CiphertextHeader.java. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/175399 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:   CVE-2021-29425
DESCRIPTION:   Apache Commons IO could allow a remote attacker to traverse directories on the system, caused by improper input validation by the FileNameUtils.normalize method. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/199852 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:   CVE-2021-28165
DESCRIPTION:   Eclipse Jetty is vulnerable to a denial of service, caused by improper input valistion. By sending a specially-crafted TLS frame, a remote attacker could exploit this vulnerability to cause CPU resources to reach to 100% usage.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/199305 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2021-28169
DESCRIPTION:   Eclipse Jetty could allow a remote attacker to obtain sensitive information, caused by a flaw in the ConcatServlet. By sending a specially-crafted request using a doubly encoded path, an attacker could exploit this vulnerability to obtain sensitive information from protected resources within the WEB-INF directory, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/203492 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:   CVE-2021-28163
DESCRIPTION:   Eclipse Jetty could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when the ${jetty.base} directory or the ${jetty.base}/webapps directory is a symlink. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain webapp directory contents information, and use this information to launch further attacks against the affected system.
CVSS Base score: 2.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/199303 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)

CVEID:   CVE-2021-22696
DESCRIPTION:   Apache CXF is vulnerable to a denial of service, caused by improper validation of request_uri parameter by the OAuth 2 authorization service. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition on the authorization server.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/199335 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2020-13954
DESCRIPTION:   Apache CXF is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the services listing page. A remote attacker could exploit this vulnerability using the styleSheetPath in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/191650 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:   CVE-2018-8029
DESCRIPTION:   Apache Hadoop could allow a remote authenticated attacker to gain elevated privileges on the system. An attacker could exploit this vulnerability to run arbitrary commands as root user.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/161812 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2020-9492
DESCRIPTION:   Apache Hadoop could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper validation of SPNEGO authorization header. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges to trigger services to send server credentials to a webhdfs path for capturing the service principal.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/195656 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2018-11768
DESCRIPTION:   Apache Hadoop is vulnerable to a denial of service, caused by a mismatch in the size of the fields used to store user/group information between memory and disk representation. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the user/group information to be corrupted across storing in fsimage and reading back from fsimage.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168305 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2017-15713
DESCRIPTION:   Apache Hadoop could allow a remote authenticated attacker to obtain sensitive information. By using a specially-crafted file, a remote attacker could exploit this vulnerability to expose private files.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/138064 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)

CVEID:   CVE-2018-18751
DESCRIPTION:   GNU gettext is vulnerable to a denial of service, caused by a double free flaw in the default_add_message function in read-catalog.c. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/152105 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:   CVE-2019-9924
DESCRIPTION:   Bash could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by the failure to prevent the shell user from modifying BASH_CMDS in the rbash. By modifying BASH_CMDS, an attacker could exploit this vulnerability to execute arbitrary commands on the system with the permissions of the shell.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/158906 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2021-3715
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free in route4_change() in net/sched/cls_route.c. By sending a specially-crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/208836 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2020-27777
DESCRIPTION:   Linux Kernel for PowerPC could allow a local authenticated attacker to bypass security restrictions, caused by a flaw with the Run-Time Abstraction Services (RTAS) interface. By sending a specially-crafted request, an attacker could exploit this vulnerability to overwrite some parts of memory, including kernel memory.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/192283 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2021-22555
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a heap out-of-bounds write flaw in net/netfilter/x_tables.c. By sending a specially-crafted request through user name space, an authenticated attacker could exploit this vulnerability to gain elevated privileges or cause a denial of service condition.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/204997 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2021-29154
DESCRIPTION:   Linux Kernel could allow a could allow a local authenticated attacker to gain elevated privileges on the system, caused by an issue with incorrect computation of branch displacements in BPF JIT compiler. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges, and execute arbitrary code in the Kernel mode.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/199609 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:   CVE-2021-29650
DESCRIPTION:   Linux Kernel is vulnerable to a denial of service, caused by the lack of a full memory barrier upon the assignment of a new table value in the netfilter subsystem. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause the system to crash.
CVSS Base score: 6.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/199201 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:   CVE-2021-32399
DESCRIPTION:   Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the BlueTooth subsystem. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary code with elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201653 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM QRadar SIEM 7.3.0 to 7.3.3 Fix Pack 9

IBM QRadar SIEM 7.4.0 to 7.4.3 Fix Pack 2

Remediation/Fixes


QRadar / QRM / QVM / QRIF / QNI 7.3.3 Fix Pack 10

QRadar / QRM / QVM / QRIF / QNI 7.4.3 Fix Pack 3

QRadar / QRM / QVM / QRIF / QNI 7.4.3 Fix Pack 4

 

Note: Version 7.4.3 Fix Pack 3 is only available to QRadar on Cloud users. QRadar 7.4.3 Fix Pack 3 was removed for on-premise QRadar SIEM users.

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

References

Off

Acknowledgement

Change History

26 Nov 2021: Initial Publication

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Document Location

Worldwide

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM QRadar SIEM"},"Component":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.3, 7.4","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
03 December 2021

UID

ibm16520472