-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.1282
       Multiple Vulnerabilities have been identified in IBM QRadar SIEM
                               26 April 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM Security QRadar SIEM
Publisher:         IBM
Operating System:  Linux variants
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Cross-site Scripting            -- Existing Account
                   Access Confidential Data        -- Remote/Unauthenticated
                   Provide Misleading Information  -- Existing Account
                   Reduced Security                -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-1418 CVE-2017-1724 CVE-2017-1723 CVE-2017-1722
                   CVE-2017-1721 CVE-2016-9878 CVE-2016-9749 CVE-2016-5007
                   CVE-2016-4970 CVE-2016-3092 CVE-2015-5262 CVE-2015-0250
                   CVE-2014-3577 CVE-2014-3576 CVE-2014-0193 CVE-2014-0050
                   CVE-2011-4905 CVE-2011-4314 CVE-2011-1498
Reference:         ASB-2018.0089 ASB-2018.0087 ASB-2018.0083 ESB-2012.0409
                   ESB-2012.0335 ESB-2012.0268 ESB-2011.1224

Original Bulletin:
   http://www.ibm.com/support/docview.wss?uid=swg22015807
   http://www.ibm.com/support/docview.wss?uid=swg22015802
   http://www.ibm.com/support/docview.wss?uid=swg22015486
   http://www.ibm.com/support/docview.wss?uid=swg22015797
   http://www.ibm.com/support/docview.wss?uid=swg22015813
   http://www.ibm.com/support/docview.wss?uid=swg22015799
   http://www.ibm.com/support/docview.wss?uid=swg22015804
   http://www.ibm.com/support/docview.wss?uid=swg22015821
   http://www.ibm.com/support/docview.wss?uid=swg22015818
   http://www.ibm.com/support/docview.wss?uid=swg22015823
   http://www.ibm.com/support/docview.wss?uid=swg22015815
   http://www.ibm.com/support/docview.wss?uid=swg22015810
   http://www.ibm.com/support/docview.wss?uid=swg22015814

Comment: This bulletin contains thirteen (13) IBM security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: IBM QRadar SIEM is vulnerable to cross-site scripting.
(CVE-2017-1724)

Document information
More support for: IBM Security QRadar SIEM
Software version: 7.2, 7.3
Operating system(s): Linux
Software edition: All Editions
Reference #: 2015807
Modified date: 24 April 2018

Summary

The product allows users to embed arbitrary JavaScript code in the Web UI,
thus altering the intended functionality and allowing spoofing attacks.

Vulnerability Details

CVEID: CVE-2017-1724
DESCRIPTION: IBM QRadar is vulnerable to cross-site scripting. This
vulnerability allows users to embed arbitrary JavaScript code in the Web UI,
thus altering the intended functionality and potentially leading to
credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/134814
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

QRadar / QRM / QVM / QRIF / QNI 7.3.0 - 7.3.1 Patch 2
QRadar / QRM / QVM / QRIF / QNI 7.2.0 to 7.2.8 Patch 11

Remediation/Fixes

QRadar / QRM / QVM / QRIF / QNI 7.3.1 Patch 3
QRadar / QRM / QVM / QRIF / QNI 7.2.8 Patch 12

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product support
alerts like this.

References

Complete CVSS v3 Guide
On-line Calculator v3

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement

The vulnerability was reported to IBM by Henri Salo

Change History

24 April 2018: First Publish

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score.
Customers can evaluate the impact of this vulnerability in their environments
by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY
OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- --------------------------------------------------------------------------------

Security Bulletin: IBM QRadar SIEM is vulnerable to SQL Injection.
(CVE-2017-1722)

Document information
More support for: IBM Security QRadar SIEM
Software version: 7.2, 7.3
Operating system(s): Linux
Software edition: All Editions
Reference #: 2015802
Modified date: 24 April 2018

Summary

QRadar used an insecure method for generating SQL queries and as such was
vulnerable to SQL injection, where an attacker injects arbitrary SQL into
database queries in order to retrieve information from the database.

Vulnerability Details

CVEID: CVE-2017-1722
DESCRIPTION: IBM QRadar is vulnerable to SQL injection. A remote attacker
could send specially-crafted SQL statements, which could allow the attacker
to view, add, modify or delete information in the back-end database.
CVSS Base Score: 6.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/134811
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

IBM QRadar SIEM 7.3.0 - 7.3.0 Patch 7
IBM QRadar 7.2.0 to 7.2.8 Patch 11

Remediation/Fixes

QRadar / QRM / QVM / QRIF / QNI 7.3.1 Patch 3
QRadar / QRM / QVM / QRIF / QNI 7.2.8 Patch 12

Workarounds and Mitigations

None

References

Complete CVSS v3 Guide
On-line Calculator v3

Acknowledgement

The vulnerability was reported to IBM by Henri Salo

Change History

24 April 2018: First Publish
- --------------------------------------------------------------------------------

Security Bulletin: IBM Contact Optimization is Impacted by a Lack of Input
Validation (CVE-2016-9749)

Document information
More support for: IBM Contact Optimization
Software version: 8.6, 9.0, 9.1, 9.1.1, 9.1.2, 10.0
Operating system(s): AIX, Linux, Solaris, Windows
Software edition: Enterprise
Reference #: 2015486
Modified date: 24 April 2018

Summary

IBM Contact Optimization could allow an authenticated user with access to the
local network to bypass security due to a lack of input validation.

Vulnerability Details

CVEID: CVE-2016-9749
DESCRIPTION: IBM Contact Optimization could allow an authenticated user with
access to the local network to bypass security due to lack of input
validation.
CVSS Base Score: 4
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120206
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

IBM Contact Optimization 8.6, 9.0, 9.1.0, 9.1.1, 9.1.2, 10.0

Remediation/Fixes

Product                   VRMF      Remediation/Fix
------------------------  --------  ------------------------------------------
IBM Contact Optimization  9.1.0.13  https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Marketing%20Management&product=ibm/Other+software/Unica+Optimize&release=9.1.0.13&platform=All&function=all
IBM Contact Optimization  9.1.2.5   https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Marketing%20Management&product=ibm/Other+software/Unica+Optimize&release=9.1.2.5&platform=All&function=all
IBM Contact Optimization  10.1.0.1  https://www-945.ibm.com/support/fixcentral/swg/selectFixes?parent=Enterprise%20Marketing%20Management&product=ibm/Other+software/Unica+Optimize&release=10.1.0.1&platform=All&function=all

IBM Contact Optimization 8.6 is announced end of support, so no security fixes
will be available on the 8.6 version. As per support policy no fixes will be
provided on versions 9.0, 9.1.1 and 10.0. It is recommended that customers
migrate to supported versions to get security fixes.

Workarounds and Mitigations

None

References

Complete CVSS v3 Guide
On-line Calculator v3

Product Alias/Synonym

Contact Optimization

- --------------------------------------------------------------------------------

Security Bulletin: IBM QRadar Incident Forensics, as found in IBM QRadar SIEM,
is vulnerable to an authentication bypass leading to remote command injection.
(CVE-2018-1418)

Summary

An authentication bypass leading to remote command injection has been found in
IBM QRadar Incident Forensics.

Vulnerability Details

CVEID: CVE-2018-1418
DESCRIPTION: IBM QRadar Incident Forensics could allow a user to bypass
authentication which could lead to code execution.
CVSS Base Score: 5.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/138824
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

IBM QRadar SIEM 7.3.0 to 7.3.1 Patch 2
IBM QRadar SIEM 7.2.0 to 7.2.8 Patch 11

Remediation/Fixes

QRadar / QRM / QVM / QRIF / QNI 7.3.1 Patch 3
QRadar / QRM / QVM / QRIF / QNI 7.2.8 Patch 12

Workarounds and Mitigations

None

References

Complete CVSS v3 Guide
On-line Calculator v3

Acknowledgement

An independent security researcher, Pedro Ribeiro (pedrib_at_gmail.com), has
reported this vulnerability to Beyond Security SecuriTeam Secure Disclosure
program.

Change History

24 April 2018: First Publish
- --------------------------------------------------------------------------------

Security Bulletin: IBM QRadar SIEM contains vulnerable components and
libraries. (CVE-2016-5007, CVE-2016-9878)

Document information
More support for: IBM Security QRadar SIEM
Software version: 7.2, 7.3
Operating system(s): Linux
Software edition: All Editions
Reference #: 2015797
Modified date: 24 April 2018

Summary

The product includes vulnerable components (e.g., framework libraries) that
may be identified and exploited with automated tools.

Vulnerability Details

CVEID: CVE-2016-5007
DESCRIPTION: Pivotal Spring Security and Spring Framework could provide weaker
than expected security, caused by the difference in the strictness of the
pattern matching mechanisms. An attacker could exploit this vulnerability to
launch further attacks on the system.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/126679
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID: CVE-2016-9878
DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to
traverse directories on the system, caused by improper validation of
user-supplied paths. An attacker could send a specially-crafted request to
the ResourceServlet containing "dot dot" sequences (/../) to view arbitrary
files on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/120241
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM QRadar 7.3.0 to 7.3.1 Patch 2
IBM QRadar 7.2.0 to 7.2.8 Patch 11

Remediation/Fixes

QRadar / QRM / QVM / QRIF / QNI 7.3.1 Patch 3
QRadar / QRM / QVM / QRIF / QNI 7.2.8 Patch 12

Workarounds and Mitigations

None

References

Complete CVSS v3 Guide
On-line Calculator v3

Acknowledgement

IBM X-Force Ethical Hacking Team: Ron Craig, Warren Moynihan, Jonathan
Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza

Change History

24 April 2018: First Publish

- --------------------------------------------------------------------------------

Security Bulletin: IBM QRadar Incident Forensics, as found in IBM QRadar SIEM,
is vulnerable to remote code execution. (CVE-2017-1721)

Document information
More support for: IBM Security QRadar SIEM
Software version: 7.2, 7.3
Operating system(s): Linux
Software edition: All Editions
Reference #: 2015799
Modified date: 24 April 2018

Summary

IBM QRadar Incident Forensics uses insecure functions such as eval that
execute code from a string and as such is vulnerable to remote code execution
attacks.

Vulnerability Details

CVEID: CVE-2017-1721
DESCRIPTION: IBM QRadar could allow an unauthenticated user to execute code
remotely with lower level privileges under unusual circumstances.
CVSS Base Score: 5.6
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/134810
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

IBM QRadar SIEM 7.3.0 to 7.3.0 Patch 7
IBM QRadar SIEM 7.2.8 to 7.2.8 Patch 11

Remediation/Fixes

QRadar / QRM / QVM / QRIF / QNI 7.3.1 Patch 3
QRadar / QRM / QVM / QRIF / QNI 7.2.8 Patch 12

Workarounds and Mitigations

None

References

Complete CVSS v3 Guide
On-line Calculator v3

Acknowledgement

The vulnerability was reported to IBM by Henri Salo

Change History

24 April 2018: First Publish

- --------------------------------------------------------------------------------

Security Bulletin: IBM QRadar Incident Forensics, as used in IBM QRadar SIEM,
is vulnerable to authenticated path traversal. (CVE-2017-1723)

Document information
More support for: IBM Security QRadar SIEM
Software version: 7.2, 7.3
Operating system(s): Linux
Software edition: All Editions
Reference #: 2015804
Modified date: 24 April 2018

Summary

QRadar uses raw string concatenation to build paths from user input and as
such is vulnerable to path traversal attacks, where an attacker arbitrarily
alters the path.

Vulnerability Details

CVEID: CVE-2017-1723
DESCRIPTION: IBM QRadar could allow a remote attacker to traverse directories
on the system. An attacker could send a specially-crafted URL request
containing "dot dot" sequences (/../) to view arbitrary files on the system.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/134812
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

QRadar / QRIF / QNI 7.3.0 to 7.3.0 Patch 7
QRadar / QRIF / QNI 7.2.0 to 7.2.8 Patch 11

Remediation/Fixes

QRadar / QRM / QVM / QRIF / QNI 7.3.1 Patch 3
QRadar / QRM / QVM / QRIF / QNI 7.2.8 Patch 12

Workarounds and Mitigations

None
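The summary of CVE-2017-1723 above attributes the traversal to paths built by raw string concatenation of user input. The Python below is an added example for this page, not IBM's code and not the affected QRadar routine: it puts that concatenation pattern next to a canonicalise-then-contain check of the kind a hardened file-serving handler would apply, and classifies a few constructed request names against a constructed export directory. The directory name, the function names and the sample requests are all assumptions made for the example.

```python
"""Path traversal: unsafe concatenation versus a canonicalise-and-contain check.

Added example for this bulletin; it is not IBM's code. The export directory is
created under the system temp dir purely so the example runs offline.
"""
import os
import tempfile


def unsafe_path(root, requested):
    """The pattern the bulletin describes: the user-controlled name is glued
    onto a trusted base path with no validation at all."""
    return root + "/" + requested


def unsafe_escapes(root, requested):
    """True if the concatenated path, once normalised, lies outside root.

    Purely lexical (normpath), so it also works for a root that does not exist.
    """
    root = os.path.normpath(root)
    resolved = os.path.normpath(unsafe_path(root, requested))
    return os.path.commonpath([root, resolved]) != root


def safe_path(root, requested):
    """Resolve the requested name inside root and refuse anything that escapes.

    realpath() collapses '..' segments and follows symlinks, so a link planted
    inside root cannot point outside it either. os.path.join() discards root
    when `requested` is absolute; the containment check then catches that.
    The root itself is refused as well, since it is never a file to serve.
    """
    real_root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(real_root, requested))
    if candidate == real_root or os.path.commonpath([real_root, candidate]) != real_root:
        raise ValueError("request escapes export directory: %r" % requested)
    return candidate


def classify(root, names):
    """Map each requested name to 'allowed' or 'rejected' under safe_path()."""
    result = {}
    for name in names:
        try:
            safe_path(root, name)
            result[name] = "allowed"
        except ValueError:
            result[name] = "rejected"
    return result


# Constructed inputs: two legitimate file names and four escape attempts.
SAMPLE_REQUESTS = [
    "report.pcap",
    "2018/04/capture.pcap",
    "../../etc/passwd",
    "/etc/passwd",
    "cases/../../secret.txt",
    ".",
]

# Constructed export directory (an assumption for the example, created on demand).
EXPORT_ROOT = tempfile.mkdtemp(prefix="qrif-export-")


if __name__ == "__main__":
    verdicts = classify(EXPORT_ROOT, SAMPLE_REQUESTS)
    for name in SAMPLE_REQUESTS:
        print("%-24s concatenation escapes=%-5s hardened=%s"
              % (name, unsafe_escapes(EXPORT_ROOT, name), verdicts[name]))
```

The two helpers differ in one respect worth noticing: an absolute request such as `/etc/passwd` does not escape under plain concatenation (it just yields an odd path under the root), but it does escape once the name reaches `os.path.join()`, which is why the hardened check tests containment after resolution rather than inspecting the input for `..` sequences.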
References

Complete CVSS v3 Guide
On-line Calculator v3

Acknowledgement

The vulnerability was reported to IBM by Henri Salo

Change History

24 April 2018: First Publish

- --------------------------------------------------------------------------------

Security Bulletin: IBM QRadar SIEM contains vulnerable components and
libraries. (CVE-2011-4314)

Document information
More support for: IBM Security QRadar SIEM
Software version: 7.2, 7.3
Operating system(s): Linux
Software edition: All Editions
Reference #: 2015821
Modified date: 24 April 2018

Summary

The product includes vulnerable components (e.g., framework libraries) that
may be identified and exploited with automated tools.

Vulnerability Details

CVEID: CVE-2011-4314
DESCRIPTION: OpenID4Java could allow a remote attacker to bypass security
restrictions, caused by the improper verification of the Attribute Exchange
(AX) signature. A remote attacker could exploit this vulnerability to
manipulate AX information.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/67361
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)

Affected Products and Versions

QRadar / QRM / QVM / QRIF / QNI 7.3.0 to 7.3.1 Patch 2
QRadar / QRM / QVM / QRIF / QNI 7.2.0 to 7.2.8 Patch 11

Remediation/Fixes

QRadar / QRM / QVM / QRIF / QNI 7.3.1 Patch 3
QRadar / QRM / QVM / QRIF / QNI 7.2.8 Patch 12

Workarounds and Mitigations

None

References

Complete CVSS v2 Guide
On-line Calculator v2

Acknowledgement

IBM X-Force Ethical Hacking Team: Ron Craig, Warren Moynihan, Jonathan
Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza

Change History

24 April 2018: First Publish

- --------------------------------------------------------------------------------

Security Bulletin: IBM QRadar SIEM contains vulnerable components and
libraries.
(CVE-2014-0193, CVE-2016-4970)

Document information
More support for: IBM Security QRadar SIEM
Software version: 7.2, 7.3
Operating system(s): Linux
Software edition: All Editions
Reference #: 2015818
Modified date: 24 April 2018

Summary

The product includes vulnerable components (e.g., framework libraries) that
may be identified and exploited with automated tools.

Vulnerability Details

CVEID: CVE-2014-0193
DESCRIPTION: Netty is vulnerable to a denial of service, caused by an error in
the WebSocket08FrameDecoder implementation. A remote attacker could exploit
this vulnerability to exhaust all available memory resources.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/93006
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2016-4970
DESCRIPTION: Netty is vulnerable to a denial of service, caused by the
improper handling of renegotiation by the OpenSslEngine. If renegotiation is
enabled, a remote attacker could exploit this vulnerability to cause the
application to enter into an infinite loop.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/122029
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

QRadar / QRM / QVM / QRIF / QNI 7.3.0 to 7.3.1 Patch 2
QRadar / QRM / QVM / QRIF / QNI 7.2.0 to 7.2.8 Patch 11

Remediation/Fixes

QRadar / QRM / QVM / QRIF / QNI 7.3.1 Patch 3
QRadar / QRM / QVM / QRIF / QNI 7.2.8 Patch 12

Workarounds and Mitigations

None

References

Complete CVSS v2 Guide
On-line Calculator v2
Complete CVSS v3 Guide
On-line Calculator v3

Acknowledgement

IBM X-Force Ethical Hacking Team: Ron Craig, Warren Moynihan, Jonathan
Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza

Change History

24 April 2018: First Publish

- --------------------------------------------------------------------------------

Security Bulletin: IBM QRadar SIEM contains vulnerable components and
libraries. (CVE-2011-4905, CVE-2014-3576)

Document information
More support for: IBM Security QRadar SIEM
Software version: 7.2, 7.3
Operating system(s): Linux
Software edition: All Editions
Reference #: 2015823
Modified date: 24 April 2018

Summary

The product includes vulnerable components (e.g., framework libraries) that
may be identified and exploited with automated tools.

Vulnerability Details

CVEID: CVE-2011-4905
DESCRIPTION: Apache ActiveMQ is vulnerable to a denial of service, caused by
an error in the failover mechanism when handling an openwire connection
request. By sending a specially-crafted request, a remote attacker could
exploit this vulnerability to cause the broker service to crash.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/71620
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2014-3576
DESCRIPTION: Apache ActiveMQ is vulnerable to a denial of service, caused by
an error in the processControlCommand function in
broker/TransportConnection.java. A remote attacker could use the shutdown
command to shut down the service.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/107290
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

QRadar / QRM / QVM / QRIF / QNI 7.3.0 to 7.3.1 Patch 2
QRadar / QRM / QVM / QRIF / QNI 7.2.0 to 7.2.8 Patch 11

Remediation/Fixes

QRadar / QRM / QVM / QRIF / QNI 7.3.1 Patch 3
QRadar / QRM / QVM / QRIF / QNI 7.2.8 Patch 12

Workarounds and Mitigations

None

References

Complete CVSS v2 Guide
On-line Calculator v2
Complete CVSS v3 Guide
On-line Calculator v3

Acknowledgement

IBM X-Force Ethical Hacking Team: Ron Craig, Warren Moynihan, Jonathan
Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza

Change History

24 April 2018: First Publish
- --------------------------------------------------------------------------------

Security Bulletin: IBM QRadar SIEM contains vulnerable components and
libraries. (CVE-2011-1498, CVE-2014-3577, CVE-2015-5262)

Document information
More support for: IBM Security QRadar SIEM
Software version: 7.2, 7.3
Operating system(s): Linux
Software edition: All Editions
Reference #: 2015815
Modified date: 24 April 2018

Summary

The product includes vulnerable components (e.g., framework libraries) that
may be identified and exploited with automated tools.

Vulnerability Details

CVEID: CVE-2011-1498
DESCRIPTION: Apache HttpComponents could allow a remote attacker to obtain
sensitive information, caused by an unspecified error in HttpClient. An
attacker could exploit this vulnerability to send the Proxy-Authorization
header to the host and disclose the user's password.
CVSS Base Score: 5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/66241
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVEID: CVE-2014-3577
DESCRIPTION: Apache HttpComponents could allow a remote attacker to conduct
spoofing attacks, caused by the failure to verify that the server hostname
matches a domain name in the Subject's Common Name (CN) or SubjectAltName
field of certificates. By persuading a victim to visit a Web site containing
a specially-crafted certificate, an attacker could exploit this vulnerability
using man-in-the-middle techniques to spoof an SSL server.
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/95327
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVEID: CVE-2015-5262
DESCRIPTION: Apache Commons is vulnerable to a denial of service, caused by
the failure to apply a configured connection during the initial handshake of
an HTTPS connection by the HttpClient component. An attacker could exploit
this vulnerability to accumulate multiple connections and exhaust all
available resources.
CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106932
for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

QRadar / QRM / QVM / QRIF / QNI 7.3.0 to 7.3.1 Patch 2
QRadar / QRM / QVM / QRIF / QNI 7.2.0 to 7.2.8 Patch 11

Remediation/Fixes

QRadar / QRM / QVM / QRIF / QNI 7.3.1 Patch 3
QRadar / QRM / QVM / QRIF / QNI 7.2.8 Patch 12

Workarounds and Mitigations

None

References

Complete CVSS v2 Guide
On-line Calculator v2
Complete CVSS v3 Guide
On-line Calculator v3

Acknowledgement

IBM X-Force Ethical Hacking Team: Ron Craig, Warren Moynihan, Jonathan
Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza

Change History

24 April 2018: First Publish
Customers can evaluate the impact of this vulnerability in their environments
by accessing the links in the Reference section of this Security Bulletin.

- --------------------------------------------------------------------------------

Security Bulletin: IBM QRadar SIEM contains vulnerable components.
(CVE-2015-0250)

PSIRT

Document information
More support for: IBM Security QRadar SIEM
Software version: 7.2, 7.3
Operating system(s): Linux
Software edition: All Editions
Reference #: 2015810
Modified date: 24 April 2018

Security Bulletin Summary
The product includes vulnerable components (e.g., framework libraries) that
may be identified and exploited with automated tools.

Vulnerability Details

CVEID: CVE-2015-0250
DESCRIPTION: Apache Batik could allow a remote attacker to obtain sensitive
information. By persuading a victim to open a specially-crafted SVG file, an
attacker could exploit this vulnerability to reveal files and obtain
sensitive information.
CVSS Base Score: 4.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/101614 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Affected Products and Versions
IBM QRadar 7.3.0 to 7.3.1 Patch 2
IBM QRadar 7.2.0 to 7.2.8 Patch 11

Remediation/Fixes
QRadar / QRM / QVM / QRIF / QNI 7.3.1 Patch 3
QRadar / QRM / QVM / QRIF / QNI 7.2.8 Patch 12

Workarounds and Mitigations
None

References
Complete CVSS v2 Guide
On-line Calculator v2

Related information
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement
IBM X-Force Ethical Hacking Team: Ron Craig, Warren Moynihan, Jonathan
Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza

Change History
24 April 2018: First Publish

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

- --------------------------------------------------------------------------------

Security Bulletin: QRadar SIEM contains vulnerable components and libraries.
(CVE-2014-0050, CVE-2016-3092)

PSIRT

Document information
More support for: IBM Security QRadar SIEM
Software version: 7.2, 7.3
Operating system(s): Linux
Software edition: All Editions
Reference #: 2015814
Modified date: 24 April 2018

Security Bulletin Summary
The product includes vulnerable components (e.g., framework libraries) that
may be identified and exploited with automated tools.

Vulnerability Details

CVEID: CVE-2014-0050
DESCRIPTION: Apache Commons FileUpload, as used in Apache Tomcat, Solr, and
other products, is vulnerable to a denial of service, caused by the improper
handling of the Content-Type HTTP header for multipart requests by
MultipartStream.java. An attacker could exploit this vulnerability using a
specially crafted Content-Type header to cause the application to enter into
an infinite loop.
CVSS Base Score: 5
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/90987 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P)

CVEID: CVE-2016-3092
DESCRIPTION: Apache Tomcat is vulnerable to a denial of service, caused by an
error in the Apache Commons FileUpload component. By sending file upload
requests, an attacker could exploit this vulnerability to cause the server
to become unresponsive.
CVSS Base Score: 5.3
CVSS Temporal Score: See
https://exchange.xforce.ibmcloud.com/vulnerabilities/114336 for the current
score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions
QRadar / QRM / QVM / QRIF / QNI 7.3.0 to 7.3.1 Patch 2
QRadar / QRM / QVM / QRIF / QNI 7.2.0 to 7.2.8 Patch 11

Remediation/Fixes
QRadar / QRM / QVM / QRIF / QNI 7.3.1 Patch 3
QRadar / QRM / QVM / QRIF / QNI 7.2.8 Patch 12

Workarounds and Mitigations
None

References
Complete CVSS v2 Guide
On-line Calculator v2
Complete CVSS v3 Guide
On-line Calculator v3

Related information
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Acknowledgement
IBM X-Force Ethical Hacking Team: Ron Craig, Warren Moynihan, Jonathan
Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza

Change History
24 April 2018: First Publish

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact
of this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If you
do not know who that is, please send an email to auscert@auscert.org.au and
we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for
consequences which may arise from following or acting on information or
advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may not
be updated when updates to the original are made. If downloading at a later
date, it is recommended that the bulletin is retrieved directly from the
author's website to ensure that the information is still current.

Contact information for the authors of the original document is included in
the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
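The hostname check that CVE-2014-3577 (first bulletin above) describes as missing, as an added illustration that is neither IBM's nor Apache HttpClient's code: the server name is matched against the certificate's SubjectAltName dNSName entries, and the Subject CN is consulted only when no dNSName is present. Certificate fields are passed in as constructed plain values rather than parsed from X.509.

```python
# Added illustration of the hostname check that CVE-2014-3577 describes as
# missing; not IBM's or Apache HttpClient's code. Certificate fields are
# passed in as plain values (constructed inputs) rather than parsed X.509.
import re
from typing import Optional, Sequence


def _name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate name against a hostname (RFC 6125 style).

    A wildcard is honoured only when it is the entire left-most label,
    covers exactly one label, and leaves at least two fixed labels.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def hostname_matches(hostname: str, san_dns: Sequence[str],
                     subject_cn: Optional[str]) -> bool:
    """Return True only if the certificate is valid for this hostname.

    SubjectAltName dNSName entries are authoritative when present; the CN is
    consulted only for certificates carrying no dNSName entry at all, so a
    CN cannot override a SAN list that does not cover the host.
    """
    # Reject anything that is not a plain DNS name (IP literals would need
    # iPAddress SAN entries and are out of scope here).
    if not re.fullmatch(r"[A-Za-z0-9.-]+", hostname):
        return False
    if san_dns:
        return any(_name_matches(name, hostname) for name in san_dns)
    return subject_cn is not None and _name_matches(subject_cn, hostname)


if __name__ == "__main__":
    # Constructed sample: a leaf certificate issued for two SAN names.
    san = ["www.example.com", "*.api.example.com"]
    for host in ["www.example.com", "v1.api.example.com", "evil.example.com"]:
        print(host, hostname_matches(host, san, "www.example.com"))
```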
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----