SB2024011741 - Multiple vulnerabilities in IBM QRadar SIEM

Description

This security bulletin contains information about 5 secuirty vulnerabilities.

1) Improper Authorization (CVE-ID: CVE-2023-34058)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an error when handling SAML token signature. A remote attacker that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias.

2) Improper access control (CVE-ID: CVE-2023-34059)

The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in the vmware-user-suid-wrapper. A local attacker can hijack the /dev/uinput file descriptor allowing them to simulate user inputs.

3) Cleartext transmission of sensitive information (CVE-ID: CVE-2023-40217)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to an error in ssl.SSLSocket implementation when handling TLS client authentication. A remote attacker can trick the application to send data unencrypted.

4) Information disclosure (CVE-ID: CVE-2023-50950)

The vulnerability allows a remote attacker to gain access to potentially sensitive email information.

The vulnerability occurs in responses from offense rules. A remote attacker can gain unauthorized access to sensitive email information on the system.

5) Path traversal (CVE-ID: CVE-2023-50164)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to input validation error when processing directory traversal sequences in path names. A remote attacker can upload a malicious file to the server and execute it.

Remediation

Install update from vendor's website.

References

• https://www.ibm.com/support/pages/node/7108657