Risk | High |
Patch available | YES |
Number of vulnerabilities | 14 |
CVE-ID | CVE-2022-31160 CVE-2022-41974 CVE-2022-29154 CVE-2022-2625 CVE-2022-2526 CVE-2022-25168 CVE-2022-40674 CVE-2022-38177 CVE-2022-38178 CVE-2022-21125 CVE-2022-21127 CVE-2022-21166 CVE-2022-21123 CVE-2021-2163 |
CWE-ID | CWE-79 CWE-285 CWE-22 CWE-264 CWE-416 CWE-78 CWE-401 CWE-200 CWE-459 CWE-20 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | IBM Qradar SIEM (Client/Desktop applications / Other client software) |
Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 14 vulnerabilities.
EUVDB-ID: #VU65834
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-31160
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. Initializing a checkboxradio widget on an input enclosed within a label makes the parent label's contents be treated as the input label. If .checkboxradio( "refresh" ) is called on such a widget and the initial HTML contains encoded HTML entities, they are erroneously decoded and executed. A remote attacker can execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
IBM Qradar SIEM: 7.4 - 7.5.0 Update Package 3 Interim Fix 02
Fixed software versions
External links
http://www.ibm.com/support/pages/node/6955057
EUVDB-ID: #VU68722
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-41974
CWE-ID:
Exploit availability:
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an incorrectly implemented authorization process within the multipathd daemon. A local unprivileged user can bypass the built-in authorization and execute privileged commands on the system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
IBM Qradar SIEM: 7.4 - 7.5.0 Update Package 3 Interim Fix 02
Fixed software versions
External links
http://www.ibm.com/support/pages/node/6955057
EUVDB-ID: #VU66189
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-29154
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote server to perform directory traversal attacks.
The vulnerability exists due to an input validation error within the rsync client when processing file names. A remote malicious server can overwrite arbitrary files in the rsync client target directory and subdirectories on the connected peer.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
IBM Qradar SIEM: 7.4 - 7.5.0 Update Package 3 Interim Fix 02
Fixed software versions
External links
http://www.ibm.com/support/pages/node/6955057
EUVDB-ID: #VU66429
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-2625
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote user to escalate privileges within the database.
The vulnerability exists because extension scripts can replace objects that do not belong to the extension when using the CREATE OR REPLACE or CREATE IF NOT EXISTS commands. A remote user with (1) permissions to create non-temporary objects in at least one schema, (2) the ability to lure or wait for an administrator to create or update an affected extension in that schema, and (3) the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS can run arbitrary code as the victim role.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
IBM Qradar SIEM: 7.4 - 7.5.0 Update Package 3 Interim Fix 02
Fixed software versions
External links
http://www.ibm.com/support/pages/node/6955057
EUVDB-ID: #VU66757
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-2526
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the on_stream_io() and dns_stream_complete() functions in resolved-dns-stream.c, which do not increment the reference counting for the DnsStream object. A remote attacker can send specially crafted DNS responses to the system, trigger a use-after-free error and perform a denial of service (DoS) attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
IBM Qradar SIEM: 7.4 - 7.5.0 Update Package 3 Interim Fix 02
Fixed software versions
External links
http://www.ibm.com/support/pages/node/6955057
EUVDB-ID: #VU69531
Risk: High
CVSSv3.1:
CVE-ID: CVE-2022-25168
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation within the FileUtil.unTar(File, File) API. A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
IBM Qradar SIEM: 7.4 - 7.5.0 Update Package 3 Interim Fix 02
Fixed software versions
External links
http://www.ibm.com/support/pages/node/6955057
EUVDB-ID: #VU67532
Risk: High
CVSSv3.1:
CVE-ID: CVE-2022-40674
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error in the doContent() function in xmlparse.c. A remote attacker can pass specially crafted input to an application that uses the affected library, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
IBM Qradar SIEM: 7.4 - 7.5.0 Update Package 3 Interim Fix 02
Fixed software versions
External links
http://www.ibm.com/support/pages/node/6955057
EUVDB-ID: #VU67549
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-38177
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to perform a DoS attack on the target system.
The vulnerability exists due to a memory leak in the DNSSEC verification code for the ECDSA algorithm. A remote attacker can spoof the target resolver with responses that have a malformed ECDSA signature and perform a denial of service attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
IBM Qradar SIEM: 7.4 - 7.5.0 Update Package 3 Interim Fix 02
Fixed software versions
External links
http://www.ibm.com/support/pages/node/6955057
EUVDB-ID: #VU67550
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-38178
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to perform a DoS attack on the target system.
The vulnerability exists due to a memory leak in the DNSSEC verification code for the EdDSA algorithm. A remote attacker can spoof the target resolver with responses that have a malformed EdDSA signature and perform a denial of service attack.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
IBM Qradar SIEM: 7.4 - 7.5.0 Update Package 3 Interim Fix 02
Fixed software versions
External links
http://www.ibm.com/support/pages/node/6955057
EUVDB-ID: #VU64365
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21125
CWE-ID:
Exploit availability:
Description
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists in Intel processors due to excessive data output when DirectPath I/O (PCI-Passthrough) is utilized. An attacker (both local and remote) with administrative access to a virtual machine that has an attached DirectPath I/O (PCI-Passthrough) device can obtain information stored in physical memory about the hypervisor or other virtual machines that reside on the same host.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
IBM Qradar SIEM: 7.4 - 7.5.0 Update Package 3 Interim Fix 02
Fixed software versions
External links
http://www.ibm.com/support/pages/node/6955057
EUVDB-ID: #VU64376
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21127
CWE-ID:
Exploit availability:
Description
The vulnerability allows a local user to gain access to sensitive information on the system.
The vulnerability exists due to incomplete cleanup in specific special register read operations. A local user can enable information disclosure.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
IBM Qradar SIEM: 7.4 - 7.5.0 Update Package 3 Interim Fix 02
Fixed software versions
External links
http://www.ibm.com/support/pages/node/6955057
EUVDB-ID: #VU64366
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21166
CWE-ID:
Exploit availability:
Description
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists in Intel processors due to excessive data output when DirectPath I/O (PCI-Passthrough) is utilized. An attacker (both local and remote) with administrative access to a virtual machine that has an attached DirectPath I/O (PCI-Passthrough) device can obtain information stored in physical memory about the hypervisor or other virtual machines that reside on the same host.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
IBM Qradar SIEM: 7.4 - 7.5.0 Update Package 3 Interim Fix 02
Fixed software versions
External links
http://www.ibm.com/support/pages/node/6955057
EUVDB-ID: #VU64364
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21123
CWE-ID:
Exploit availability:
Description
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists in Intel processors due to excessive data output when DirectPath I/O (PCI-Passthrough) is utilized. An attacker (both local and remote) with administrative access to a virtual machine that has an attached DirectPath I/O (PCI-Passthrough) device can obtain information stored in physical memory about the hypervisor or other virtual machines that reside on the same host.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
IBM Qradar SIEM: 7.4 - 7.5.0 Update Package 3 Interim Fix 02
Fixed software versions
External links
http://www.ibm.com/support/pages/node/6955057
EUVDB-ID: #VU52449
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-2163
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Libraries component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
Mitigation
Install the update from the vendor's website.
Vulnerable software versions
IBM Qradar SIEM: 7.4 - 7.5.0 Update Package 3 Interim Fix 02
Fixed software versions
External links
http://www.ibm.com/support/pages/node/6955057