Multiple vulnerabilities in IBM QRadar Suite Software
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 9 |
| CVE-ID | CVE-2022-41721 CVE-2024-22234 CVE-2024-1597 CVE-2024-25710 CVE-2024-26308 CVE-2023-49083 CVE-2023-50782 CVE-2024-26130 CVE-2024-22195 |
| CWE-ID | CWE-444 CWE-284 CWE-89 CWE-835 CWE-400 CWE-476 CWE-203 CWE-79 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Cloud Pak for Security (CP4S) Client/Desktop applications / Other client software QRadar Suite Server applications / IDS/IPS systems, Firewalls and proxy servers |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 9 vulnerabilities.
1) Inconsistent interpretation of HTTP requests
EUVDB-ID: #VU72886
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-41721
CWE-ID:
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform HTTP/2 request smuggling attacks.
The vulnerability exists due to improper validation of HTTP/2 requests when using MaxBytesHandler. A remote attacker can send a specially crafted HTTP/2 request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): All versions
QRadar Suite: 1.10.12.0 - 1.10.19.0
CPE2.3- cpe:2.3:a:ibm_corporation:cloud_pak_for_security:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:qradar:1.10.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:qradar:1.10.13.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:qradar:1.10.14.0:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7147903
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper access control
EUVDB-ID: #VU86694
Risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-22234
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions within the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method. A remote user can bypass implemented security restrictions and gain unauthorized access to the application.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): All versions
QRadar Suite: 1.10.12.0 - 1.10.19.0
CPE2.3- cpe:2.3:a:ibm_corporation:cloud_pak_for_security:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:qradar:1.10.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:qradar:1.10.13.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:qradar:1.10.14.0:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7147903
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) SQL injection
EUVDB-ID: #VU86983
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-1597
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data when using the "PreferQueryMode=SIMPLE" option. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): All versions
QRadar Suite: 1.10.12.0 - 1.10.19.0
CPE2.3- cpe:2.3:a:ibm_corporation:cloud_pak_for_security:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:qradar:1.10.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:qradar:1.10.13.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:qradar:1.10.14.0:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7147903
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Infinite loop
EUVDB-ID: #VU86624
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-25710
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop when processing a corrupt DUMP file. A remote attacker can consume all available system resources and cause denial of service conditions.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): All versions
QRadar Suite: 1.10.12.0 - 1.10.19.0
CPE2.3- cpe:2.3:a:ibm_corporation:cloud_pak_for_security:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:qradar:1.10.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:qradar:1.10.13.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:qradar:1.10.14.0:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7147903
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Resource exhaustion
EUVDB-ID: #VU86625
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-26308
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of memory when unpacking a broken Pack200 file. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): All versions
QRadar Suite: 1.10.12.0 - 1.10.19.0
CPE2.3- cpe:2.3:a:ibm_corporation:cloud_pak_for_security:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:qradar:1.10.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:qradar:1.10.13.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:qradar:1.10.14.0:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7147903
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) NULL pointer dereference
EUVDB-ID: #VU83930
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-49083
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when calling the load_pem_pkcs7_certificates() or load_der_pkcs7_certificates() functions. A remote attacker can pass specially crafted PKCS7 blob/certificate certificate to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): All versions
QRadar Suite: 1.10.12.0 - 1.10.19.0
CPE2.3- cpe:2.3:a:ibm_corporation:cloud_pak_for_security:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:qradar:1.10.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:qradar:1.10.13.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:qradar:1.10.14.0:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7147903
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Observable discrepancy
EUVDB-ID: #VU88199
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-50782
CWE-ID:
CWE-203 - Observable discrepancy
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): All versions
QRadar Suite: 1.10.12.0 - 1.10.19.0
CPE2.3- cpe:2.3:a:ibm_corporation:cloud_pak_for_security:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:qradar:1.10.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:qradar:1.10.13.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:qradar:1.10.14.0:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7147903
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) NULL pointer dereference
EUVDB-ID: #VU87129
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-26130
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): All versions
QRadar Suite: 1.10.12.0 - 1.10.19.0
CPE2.3- cpe:2.3:a:ibm_corporation:cloud_pak_for_security:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:qradar:1.10.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:qradar:1.10.13.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:qradar:1.10.14.0:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7147903
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Cross-site scripting
EUVDB-ID: #VU85368
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-22195
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data within the xmlattr filter. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsCloud Pak for Security (CP4S): All versions
QRadar Suite: 1.10.12.0 - 1.10.19.0
CPE2.3- cpe:2.3:a:ibm_corporation:cloud_pak_for_security:*:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:qradar:1.10.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:qradar:1.10.13.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:qradar:1.10.14.0:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7147903
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
