Multiple vulnerabilities in IBM QRadar Pulse for QRadar SIEM
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 25 |
| CVE-ID | CVE-2021-37701 CVE-2020-7788 CVE-2021-33502 CVE-2021-3918 CVE-2021-22960 CVE-2021-22959 CVE-2021-3807 CVE-2020-28469 CVE-2021-3765 CVE-2020-7598 CVE-2021-44906 CVE-2021-37712 CVE-2021-32804 CVE-2019-11358 CVE-2021-37713 CVE-2021-32803 CVE-2018-25031 CVE-2018-3721 CVE-2019-1010266 CVE-2019-10744 CVE-2020-8203 CVE-2018-16487 CVE-2021-23337 CVE-2020-11023 CVE-2020-11022 |
| CWE-ID | CWE-22 CWE-94 CWE-185 CWE-444 CWE-20 CWE-400 CWE-36 CWE-1321 CWE-77 CWE-79 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #14 is available. Public exploit code for vulnerability #17 is available. Public exploit code for vulnerability #19 is available. Public exploit code for vulnerability #20 is available. Public exploit code for vulnerability #24 is available. Public exploit code for vulnerability #25 is available. |
| Vulnerable software Subscribe |
QRadar Pulse App Web applications / Other software |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 25 vulnerabilities.
1) Path traversal
EUVDB-ID: #VU58202
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-37701
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to overwrite arbitrary files on the system.
The vulnerability exists due to input validation error when extracting tar files that contained both a directory and a symlink with
the same name as the directory, where the symlink and directory names in
the archive entry used backslashes as a path separator on posix
systems. A remote attacker can create a specially crafted archive and overwrite arbitrary files on the system.
Install update from vendor's website.
Vulnerable software versionsQRadar Pulse App: 1.0.0 - 2.2.8
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-qradar-pulse-application-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/
http://www.ibm.com/support/pages/node/6830017
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Prototype pollution
EUVDB-ID: #VU66955
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-7788
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation when handling INI files. A remote attacker can pass a specially crafted INI file to the application and perform prototype pollution attacks.
Install update from vendor's website.
Vulnerable software versionsQRadar Pulse App: 1.0.0 - 2.2.8
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-qradar-pulse-application-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/
http://www.ibm.com/support/pages/node/6830017
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Incorrect Regular Expression
EUVDB-ID: #VU63698
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-33502
CWE-ID:
CWE-185 - Incorrect Regular Expression
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to exponential performance for data. A remote attacker can pass specially crafted data to the application and perform a regular expression denial of service (ReDos) attack.
Install update from vendor's website.
Vulnerable software versionsQRadar Pulse App: 1.0.0 - 2.2.8
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-qradar-pulse-application-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/
http://www.ibm.com/support/pages/node/6830017
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Code Injection
EUVDB-ID: #VU64034
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3918
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insufficient sanitization of user-supplied data during the validation of a JSON object. A remote attacker can pass a specially crafted JSON file for validation and execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsQRadar Pulse App: 1.0.0 - 2.2.8
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-qradar-pulse-application-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/
http://www.ibm.com/support/pages/node/6830017
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Inconsistent interpretation of HTTP requests
EUVDB-ID: #VU59234
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-22960
CWE-ID:
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to preform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests, where the application ignores chunk extensions when parsing the body of chunked requests. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsQRadar Pulse App: 1.0.0 - 2.2.8
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-qradar-pulse-application-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/
http://www.ibm.com/support/pages/node/6830017
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Inconsistent interpretation of HTTP requests
EUVDB-ID: #VU59233
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-22959
CWE-ID:
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to preform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests, where the application accepts requests with a space right after the header name before the colon. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsQRadar Pulse App: 1.0.0 - 2.2.8
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-qradar-pulse-application-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/
http://www.ibm.com/support/pages/node/6830017
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Input validation error
EUVDB-ID: #VU57967
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3807
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when matching crafted invalid ANSI escape codes in ansi-regex. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsQRadar Pulse App: 1.0.0 - 2.2.8
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-qradar-pulse-application-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/
http://www.ibm.com/support/pages/node/6830017
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Incorrect Regular Expression
EUVDB-ID: #VU52985
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-28469
CWE-ID:
CWE-185 - Incorrect Regular Expression
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect handling of user-supplied input in regular expression. A remote attacker can pass specially crafted input to the application and perform regular expression denial of service (ReDoS) attack.
Install update from vendor's website.
Vulnerable software versionsQRadar Pulse App: 1.0.0 - 2.2.8
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-qradar-pulse-application-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/
http://www.ibm.com/support/pages/node/6830017
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Incorrect Regular Expression
EUVDB-ID: #VU68281
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-3765
CWE-ID:
CWE-185 - Incorrect Regular Expression
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a regular expression denial of service (ReDoS) attack.
The vulnerability exists due to improper input validation when handling user-supplied input. A remote attacker can pass specially crafted data to the application and perform a regular expression denial of service (ReDoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsQRadar Pulse App: 1.0.0 - 2.2.8
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-qradar-pulse-application-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/
http://www.ibm.com/support/pages/node/6830017
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Prototype pollution
EUVDB-ID: #VU26151
Risk: Medium
CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-7598
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can inject and execute arbitrary script code.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsQRadar Pulse App: 1.0.0 - 2.2.8
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-qradar-pulse-application-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/
http://www.ibm.com/support/pages/node/6830017
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Resource exhaustion
EUVDB-ID: #VU64030
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-44906
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.
MitigationInstall update from vendor's website.
Vulnerable software versionsQRadar Pulse App: 1.0.0 - 2.2.8
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-qradar-pulse-application-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/
http://www.ibm.com/support/pages/node/6830017
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Path traversal
EUVDB-ID: #VU58203
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-37712
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when extracting tar files that contained two directories and a symlink
with names containing unicode values that normalized to the same value. A remote attacker can create a specially crafted archive that, when extracted, can overwrite arbitrary files on the system.
Install update from vendor's website.
Vulnerable software versionsQRadar Pulse App: 1.0.0 - 2.2.8
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-qradar-pulse-application-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/
http://www.ibm.com/support/pages/node/6830017
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Absolute Path Traversal
EUVDB-ID: #VU58205
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-32804
CWE-ID:
CWE-36 - Absolute Path Traversal
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to overwrite arbitrary files on the system.
The vulnerability exists due to a logic issue when file paths contained repeated path roots such as ////home/user/.bashrc. node-tar
would only strip a single path root from such paths. When given an
absolute file path with repeating path roots, the resulting path (e.g. ///home/user/.bashrc) would still resolve to an absolute path, thus allowing arbitrary file creation and overwrite.
Install update from vendor's website.
Vulnerable software versionsQRadar Pulse App: 1.0.0 - 2.2.8
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-qradar-pulse-application-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/
http://www.ibm.com/support/pages/node/6830017
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Prototype pollution
EUVDB-ID: #VU18092
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-11358
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary JavaScript code.
The vulnerability exists due to improper input validation. A remote attacker can pass specially crafted input to the application and perform prototype pollution, which can result in information disclosure or data manipulation.
Install update from vendor's website.
Vulnerable software versionsQRadar Pulse App: 1.0.0 - 2.2.8
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-qradar-pulse-application-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/
http://www.ibm.com/support/pages/node/6830017
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
15) Path traversal
EUVDB-ID: #VU58204
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-37713
CWE-ID:
CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to overwrite arbitrary files on the system.
The vulnerability exists due insufficient logic on Windows systems when extracting tar files that contained a path that
was not an absolute path, but specified a drive letter different from
the extraction target, such as C:some\path. If the drive letter does not match the extraction target, for example D:\extraction\dir, then the result of path.resolve(extractionDirectory, entryPath) would resolve against the current working directory on the C: drive, rather than the extraction target directory.
Install update from vendor's website.
Vulnerable software versionsQRadar Pulse App: 1.0.0 - 2.2.8
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-qradar-pulse-application-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/
http://www.ibm.com/support/pages/node/6830017
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Absolute Path Traversal
EUVDB-ID: #VU58206
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-32803
CWE-ID:
CWE-36 - Absolute Path Traversal
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to overwrite arbitrary files on the system.
The vulnerability exists due to a logic issue when extracting tar files that contained both a directory
and a symlink with the same name as the directory. This order of
operations resulted in the directory being created and added to the node-tar
directory cache. When a directory is present in the directory cache,
subsequent calls to mkdir for that directory are skipped. However, this
is also where node-tar checks for symlinks occur.
By first creating a directory, and then replacing that directory with a symlink, it was thus possible to bypass node-tar
symlink checks on directories, essentially allowing an untrusted tar
file to symlink into an arbitrary location and subsequently extracting
arbitrary files into that location, thus allowing arbitrary file
creation and overwrite.
Install update from vendor's website.
Vulnerable software versionsQRadar Pulse App: 1.0.0 - 2.2.8
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-qradar-pulse-application-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/
http://www.ibm.com/support/pages/node/6830017
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Input validation error
EUVDB-ID: #VU64011
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-25031
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can trick the victim into opening a specially crafted URL to display remote OpenAPI definitions.
MitigationInstall update from vendor's website.
Vulnerable software versionsQRadar Pulse App: 1.0.0 - 2.2.8
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-qradar-pulse-application-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/
http://www.ibm.com/support/pages/node/6830017
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
18) Input validation error
EUVDB-ID: #VU37072
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-3721
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to manipulate data.
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
MitigationInstall update from vendor's website.
Vulnerable software versionsQRadar Pulse App: 1.0.0 - 2.2.8
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-qradar-pulse-application-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/
http://www.ibm.com/support/pages/node/6830017
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Resource exhaustion
EUVDB-ID: #VU19282
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-1010266
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the software does not properly parse user-supplied input in the Date Handler component. A remote authenticated attacker can send long strings that submit malicious input, which the library attempts to match using a regular expression and consume excessive amounts of CPU resources and cause a DoS condition.
MitigationInstall update from vendor's website.
Vulnerable software versionsQRadar Pulse App: 1.0.0 - 2.2.8
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-qradar-pulse-application-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/
http://www.ibm.com/support/pages/node/6830017
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
20) Code Injection
EUVDB-ID: #VU21764
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2019-10744
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to modify properties on the target system.
The vulnerability exists due to improper input validation in the "defaultsDeep" function. A remote attacker can send a specially crafted request and modify the prototype of "Object" via "{constructor: {prototype: {...}}}" causing the addition or modification of an existing property that will exist on all objects.
Install update from vendor's website.
Vulnerable software versionsQRadar Pulse App: 1.0.0 - 2.2.8
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-qradar-pulse-application-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/
http://www.ibm.com/support/pages/node/6830017
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
21) Prototype polution
EUVDB-ID: #VU41989
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-8203
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data when using _.zipObjectDeep in lodash. A remote attacker can inject and execute arbitrary script code.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsQRadar Pulse App: 1.0.0 - 2.2.8
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-qradar-pulse-application-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/
http://www.ibm.com/support/pages/node/6830017
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Prototype pollution
EUVDB-ID: #VU19305
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-16487
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation within the merge, mergeWith, and defaultsDeep functions. A remote attacker can send a specially crafted request and add or modify properties of Object.prototype.
Successful exploitation of this vulnerability may result in complete compromise of the affected application.
MitigationInstall update from vendor's website.
Vulnerable software versionsQRadar Pulse App: 1.0.0 - 2.2.8
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-qradar-pulse-application-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/
http://www.ibm.com/support/pages/node/6830017
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Command Injection
EUVDB-ID: #VU53202
Risk: Medium
CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-23337
CWE-ID:
CWE-77 - Command injection
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary commands on the system.
The vulnerability exists due to improper input validation when processing templates. A remote privileged user can inject and execute arbitrary commands on the system.
Install update from vendor's website.
Vulnerable software versionsQRadar Pulse App: 1.0.0 - 2.2.8
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-qradar-pulse-application-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/
http://www.ibm.com/support/pages/node/6830017
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Cross-site scripting
EUVDB-ID: #VU27519
Risk: Low
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2020-11023
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: Yes
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data when passing <option> elements to jQuery’s DOM manipulation methods. A remote attacker can execute arbitrary JavaScript code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsQRadar Pulse App: 1.0.0 - 2.2.8
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-qradar-pulse-application-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/
http://www.ibm.com/support/pages/node/6830017
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
25) Cross-site scripting
EUVDB-ID: #VU27052
Risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2020-11022
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: Yes
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the regex operation in "jQuery.htmlPrefilter". A remote attacker can pass specially crafted data to the application that uses .html()</code>, <code>.append() or similar methods for it and execute arbitrary JavaScript code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsQRadar Pulse App: 1.0.0 - 2.2.8
External linkshttp://www.ibm.com/blogs/psirt/security-bulletin-qradar-pulse-application-add-on-to-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities/
http://www.ibm.com/support/pages/node/6830017
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
