
IBM has disclosed a set of vulnerabilities, the most severe of them rated critical, affecting IBM QRadar Suite Software and IBM Cloud Pak for Security. If exploited, the most serious issue could allow a remote attacker to execute arbitrary code; the remainder expose the platform to server-side request forgery, denial of service, cross-site scripting and information disclosure.
The vulnerabilities are as follows:
- CVE-2024-39008 (CVSS 9.8). The robinweser fast-loops module is vulnerable to prototype pollution, which could allow a remote attacker to execute arbitrary code.
- CVE-2024-29415 (CVSS 7.5). The Node.js ip module is vulnerable to server-side request forgery because its isPublic() check improperly categorizes some address forms (such as 127.1 or ::fFFf:127.0.0.1) as globally routable, allowing an attacker to reach internal hosts.
- CVE-2024-28176 (CVSS 5.3). The Node.js jose module is vulnerable to denial of service due to a flaw in JWE decryption; a remote attacker sending a specially crafted request could cause excessive CPU or memory consumption.
- CVE-2024-34064 (CVSS 5.4). Jinja's xmlattr filter accepts keys containing non-attribute characters, a cross-site scripting flaw that could allow a remote attacker to inject attributes into a web page and steal cookie-based authentication credentials.
- CVE-2024-3651 (CVSS 6.2). The Python idna module could allow a local user to cause a denial of service by passing a specially crafted argument to the idna.encode() function.
- CVE-2024-25024 (CVSS 6.2). IBM QRadar Suite Software stores user credentials in plain text, which a local user could read.
- CVE-2024-37168 (CVSS 5.3). The gRPC module for Node.js is vulnerable to denial of service due to a memory allocation flaw; a remote attacker could exploit it by sending specially crafted messages.
- CVE-2024-30260 (CVSS 3.9). The Node.js undici module could allow a remote authenticated attacker to obtain sensitive information due to improper handling of authorization headers.
- CVE-2024-30261 (CVSS 2.6). The Node.js undici module contains a security restriction bypass that could let fetch() accept tampered requests as valid.
- CVE-2024-28799 (CVSS 5.1). IBM QRadar Suite Software displays sensitive data during back-end commands, which could lead to information disclosure.
Affected Products
- IBM Cloud Pak for Security: Versions 1.10.0.0 to 1.10.11.0
- QRadar Suite Software: Versions 1.10.12.0 to 1.10.23.0
IBM advises upgrading to version 1.10.24.0 or later. No workarounds or mitigations have been published, so applying the update promptly is the only remediation available.


