Security Bulletin: IBM QRadar SIEM includes multiple components with known vulnerabilities

Main / Security Bulletin: IBM QRadar SIEM includes multiple components with known vulnerabilities

Discription

## Summary

The product includes multiple vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVEs.

## Vulnerability Details

** CVEID: **[CVE-2022-31160]()
** DESCRIPTION: **jQuery UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the check-box-radio widget. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 5.4
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/231462]() for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)

** CVEID: **[CVE-2022-41974]()
** DESCRIPTION: **OpenSVC multipath-tools for Linux could allow a local authenticated attacker to execute arbitrary commands on the system, caused by an authorization bypass flaw in the multipathd daemon. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS Base score: 6.7
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/239041]() for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

** CVEID: **[CVE-2022-29154]()
** DESCRIPTION: **Rsync could allow a remote attacker to bypass security restrictions, caused by improper validation of file names. By utilize man-in-the-middle attack techniques, an attacker could exploit this vulnerability to write arbitrary files inside the directories of connecting peers.
CVSS Base score: 7.5
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/232637]() for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

** CVEID: **[CVE-2022-2625]()
** DESCRIPTION: **PostgreSQL could allow a remote authenticated attacker to execute arbitrary code on the system, caused by improper control of the modification of dynamically-determined object attributes. By creating a specially-crafted object using at least one schema, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.1
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/233970]() for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)

** CVEID: **[CVE-2022-2526]()
** DESCRIPTION: **systemd could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw due to the on_stream_io() function and dns_stream_complete() function in “resolved-dns-stream.c” not incrementing the reference counting for the DnsStream object. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235161]() for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

** CVEID: **[CVE-2022-25168]()
** DESCRIPTION: **Apache Hadoop could allow a local authenticated attacker to execute arbitrary commands on the system, caused by improper input file name validation by the FileUtil.unTar(File, File) API. By sending specially-crafted arguments, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/232807]() for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

** CVEID: **[CVE-2022-40674]()
** DESCRIPTION: **libexpat could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in the doContent function in xmlparse.c. An attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236116]() for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

** CVEID: **[CVE-2022-38177]()
** DESCRIPTION: **ISC BIND is vulnerable to a denial of service, caused by a small memory leak in the DNSSEC verification code for the ECDSA algorithm. By spoofing the target resolver with responses that have a malformed ECDSA signature, a remote attacker could exploit this vulnerability to cause named to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236705]() for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

** CVEID: **[CVE-2022-38178]()
** DESCRIPTION: **ISC BIND is vulnerable to a denial of service, caused by a memory leak in the DNSSEC verification code for the EdDSA algorithm. By spoofing the target resolver with responses that have a malformed EdDSA signature, a remote attacker could exploit this vulnerability to cause named to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/236706]() for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

** CVEID: **[CVE-2022-21125]()
** DESCRIPTION: **Intel Processors could allow a local authenticated attacker to obtain sensitive information, caused by incomplete cleanup of microarchitectural fill buffers. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.6
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/228703]() for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)

** CVEID: **[CVE-2022-21127]()
** DESCRIPTION: **Intel Processors could allow a local authenticated attacker to obtain sensitive information, caused by incomplete cleanup in specific special register read operations in the Memory Mapped I/O (MMIO) component. By conducting a specially-crafted read operation, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.5
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/228695]() for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

** CVEID: **[CVE-2022-21166]()
** DESCRIPTION: **Intel Processors could allow a local authenticated attacker to obtain sensitive information, caused by incomplete cleanup in specific special register write operations in the Memory Mapped I/O (MMIO) component. By conducting a specially-crafted write operation, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.5
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/228696]() for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

** CVEID: **[CVE-2022-21123]()
** DESCRIPTION: **Intel Processors could allow a local authenticated attacker to obtain sensitive information, caused by incomplete cleanup of multi-core shared buffers. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 6.1
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/228702]() for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)

** CVEID: **[CVE-2021-2163]()
** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base score: 5.3
CVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/200292]() for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N)

## Affected Products and Versions

Affected Product(s)| Version(s)
—|—
IBM QRadar SIEM| 7.4.0 – 7.4.3 Fix Pack 7
IBM QRadar SIEM| 7.5.0 – 7.5.0 Update Pack 3

## Remediation/Fixes

IBM encourages customers to update their systems promptly.

Affected Product(s)| Versions| Fix
—|—|—
IBM QRadar SIEM| 7.4| [7.4.3 Fix Pack 8]( “7.4.3 Fix Pack 8” )
IBM QRadar SIEM| 7.5| [7.5.0 Update Pack 4]( “7.5.0 Update Pack 4” )

## Workarounds and Mitigations

None

##Read More

References

Back to Main

Subscribe for the latest news: