SB2022101031 - Multiple vulnerabilities in IBM QRadar DNS Analyzer App

Description

This security bulletin contains information about 3 vulnerabilities.

1) Incorrect Regular Expression (CVE-ID: CVE-2022-31129)

CWE-ID: CWE-185 - Incorrect Regular Expression

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validation of user-supplied input when parsing overly long strings. A remote attacker can pass a string that contains more that 10k characters and perform regular expression denial of service (ReDoS) attack.

2) Path traversal (CVE-ID: CVE-2022-24785)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences within the npm version of Moment.js. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

3) Resource exhaustion (CVE-ID: CVE-2017-18214)

CWE-ID: CWE-400 - Resource exhaustion

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote unauthenticated attacker to cause DoS condition on the target system.

The weakness exists due to resource exhaustion. A remote attacker can submit a specially crafted data string and cause the service to crash.

Remediation

Install update from vendor's website.

References

• https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-dns-analyzer-app-for-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-cve-2022-31129-cve-2022-24785-cve-2017-18214/
• https://www.ibm.com/support/pages/node/6827213