IBM Support

Security Bulletin: IBM QRadar SIEM has released 7.3.1 Patch 4 and 7.2.8 Patch 13 in response to the vulnerabilities known as Spectre and Meltdown.

Security Bulletin


Summary

IBM has released 7.3.1 Patch 4 and 7.2.8 Patch 13 for IBM QRadar SIEM in response to CVE-2017-5753, CVE-2017-5715 and CVE-2017-5754.

Vulnerability Details

CVEID: CVE-2017-5753

CVEID: CVE-2017-5715

CVEID: CVE-2017-5754

Affected Products and Versions

IBM QRadar SIEM 7.3.0 – 7.3.1 Patch 3
IBM QRadar Risk Manager 7.3.0 – 7.3.1 Patch 3
IBM QRadar Vulnerability Manager 7.3.0 – 7.3.1 Patch 3
IBM QRadar Incident Forensics 7.3.0 – 7.3.1 Patch 3
IBM QRadar SIEM 7.2.0 – 7.2.8 Patch 12
IBM QRadar Risk Manager 7.2.0 – 7.2.8 Patch 12
IBM QRadar Vulnerability Manager 7.2.0 – 7.2.8 Patch 12
IBM QRadar Incident Forensics 7.2.0 – 7.2.8 Patch 12

Remediation/Fixes

QRadar/QRM/QVM/QRIF/QNI 7.3.1 Patch 4
QRadar/QRM/QVM/QRIF/QNI 7.2.8 Patch 13

For IBM QRadar SIEM 7.1, IBM recommends upgrading to a fixed, supported version/release/platform of the product.

Workarounds and Mitigations

Note: to mitigate CVE-2017-5715 (Spectre Variant #2), microcode must be updated on all appliances in addition to applying the kernel update that is included in the QRadar patch. See the links below for available microcode updates.

For Lenovo Appliance M5 Firmware using ISO/IMM, see:
Lenovo x3550 M5 and Lenovo x3650 M5

For Lenovo Appliance M4 Firmware using USB Key Installs:
1U USB: Qradar_1U_M4_MT7914_Qflow_15xxEC_2100_Firmware_Update_5_0_0
2U USB: Qradar_2U_M4_MT5466_xx05_xx28_QIF_PCAP_Firmware_Update_5_0_0

For Lenovo Appliance M4 Firmware using ISO/IMM Installs:
1U ISO: Qradar_ISO_1U_M4_MT7914_Qflow_15xxEC_2100_Firmware_Update_5_0_0
2U ISO: Qradar_ISO_2U_M4_MT5466_xx05_xx28_QIF_PCAP_Firmware_Update_5_0_1

For Lenovo Appliance M3 Firmware using USB Key Installs:
QRADAR-FIRMWARE-1U-M3-2100-1501-QFLOW-2.1
QRADAR-FIRMWARE-2U-M3-xx05-xx24-2.1


For Dell Appliances, see:
For Dell R630 and R730 appliances, select your operating system and download the Version 2.7.1 BIOS.

References

Change History

06 June, 2018: Bulletin Updates

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

Review the IBM security bulletin disclaimer and definitions regarding your responsibilities for assessing potential impact of security vulnerabilities to your environment.

Document Information

Modified date:
15 August 2018

UID

swg22016636