SB2024020104 - Multiple vulnerabilities in IBM SOAR QRadar Plugin App

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024020104

SB2024020104 - Multiple vulnerabilities in IBM SOAR QRadar Plugin App

Published: February 1, 2024 Updated: April 19, 2024

Security Bulletin ID SB2024020104
Severity
Medium
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Inefficient Algorithmic Complexity (CVE-ID: CVE-2023-46136)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to high resource usage when parsing multipart/form-data. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.


2) Information disclosure (CVE-ID: CVE-2023-43804)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to urllib does not strip the "Cookie" HTTP header during cross-origin HTTP redirects. A remote attacker can gain unauthorized access to sensitive information.


3) Insufficient verification of data authenticity (CVE-ID: CVE-2023-37920)

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exist due to software recognizes "e-Tugra" root certificates, which were subject to an investigation prompted by reporting of security issues in their systems. An attacker with ability to generate certificates signed with the  compromised "e-Tugra" root certificate can perform MitM attack.


4) Improper access control (CVE-ID: CVE-2023-38263)

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote user can bypass implemented security restrictions and gain unauthorized access to the application.


5) Path traversal (CVE-ID: CVE-2023-38019)

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote user  can send a specially crafted HTTP request and read arbitrary files on the system.


6) Improper Output Neutralization for Logs (CVE-ID: CVE-2023-38020)

The vulnerability allows a remote user to manipulate data in log files.

The vulnerability exists due to improper input validation. A remote user can manipulate output written to log files.


Remediation

Install update from vendor's website.

References