Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details ** CVEID: CVE-2024-6345 DESCRIPTION: **pypa/setuptools could allow a remote attacker to execute arbitrary code on the system, caused by an error in the package_index module. By persuading a victim to click a specially crafted URL, an attacker could exploit this vulnerability using its download functions to inject and execute arbitrary code on the system. CVSS Base score: 8.8 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/298014 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) ** CVEID: CVE-2024-37890 DESCRIPTION: **Node.js ws module is vulnerable to a denial of service, caused by a NULL pointer dereference. By sending a specially crafted request with multiple HTTP headers, a remote attacker could exploit this vulnerability to cause the server to crash. CVSS Base score: 7.5 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/295049 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) ** CVEID: CVE-2024-41110 DESCRIPTION: **Moby could allow a remote authenticated attacker to bypass security restrictions, caused by improper authorization validation. By sending a…Read More