Cloud Security Daily 210128: Denial-of-service vulnerability found in IBM's enterprise asset and information security solution; upgrade as soon as possible

IBM QRadar SIEM is a solution from the US company IBM that uses security intelligence to protect assets and information from advanced threats. QRadar SIEM can be deployed on premises or in the cloud. It helps security teams detect and prioritize threats across the enterprise with intelligent insights and respond quickly, thereby reducing the impact.

On January 26, IBM released a security update to fix vulnerabilities rated important, including denial of service, discovered in IBM QRadar SIEM. The details of the vulnerabilities are as follows:

Vulnerability details

Source: https://www.ibm.com/support/pages/node/6408848

1. CVE-2020-7595 CVSS score: 7.5 severity: important

Due to an error in xmlStringLenDecodeEntities in parser.c, GNOME libxml2 is vulnerable to a denial of service. An attacker could use this vulnerability to cause the application to enter an infinite loop.

2. CVE-2019-14866 CVSS score: 6.7 severity: important

Because input files are not correctly validated when generating TAR archives, GNU cpio may allow a locally authenticated attacker to gain elevated privileges on the system. An attacker could use this vulnerability to inject arbitrary tar content and compromise the system.

3. CVE-2019-14907 CVSS score: 6.5 severity: important

Samba is vulnerable to a denial of service caused by an error that occurs after a failed character conversion at log level 3 or higher. By sending a specially crafted string during the NTLMSSP authentication exchange, an attacker could use this vulnerability to cause a long-running process to terminate.

4. CVE-2020-2780 CVSS score: 6.5 severity: important

An unspecified vulnerability in Oracle MySQL related to the Server: DML component may allow an authenticated attacker to cause a denial of service using unknown attack vectors, resulting in a high availability impact.

5. CVE-2019-2974 CVSS score: 6.5 severity: important

An unspecified vulnerability related to the server component of Oracle MySQL could allow an authenticated attacker to cause a denial of service using unknown attack vectors, resulting in a high availability impact.

Affected products and versions

IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1

IBM QRadar SIEM 7.4.0 to 7.4.1 Patch 1

IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 5

Solution

For IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1:

Apply QRadar/QRM/QVM 7.4.2 Patch 2 fix

For IBM QRadar SIEM 7.4.0 to 7.4.1 Patch 1:

Apply QRadar/QRM/QVM 7.4.1 Patch 2 fix

For IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 5:

Apply QRadar/QRM/QVM 7.3.3 Patch 7 fix

For QRadar Incident Forensics, use the following upgrade patches:

QRadar Incident Forensics / QNI 7.4.2 Patch 2

QRadar Incident Forensics / QNI 7.4.1 Patch 2

QRadar Incident Forensics / QNI 7.3.3 Patch 7

For more vulnerability information and upgrades, please visit the official website:

https://www.ibm.com/blogs/psirt/

Origin blog.csdn.net/weixin_40192778/article/details/113342537