Multiple vulnerabilities in IBM QRadar User Behavior Analytics



Risk High
Patch available YES
Number of vulnerabilities 25
CVE-ID CVE-2020-13936
CVE-2023-3635
CVE-2018-11770
CVE-2018-11804
CVE-2018-17190
CVE-2023-22946
CVE-2023-46234
CVE-2017-16137
CVE-2024-28849
CVE-2023-6481
CVE-2023-34462
CVE-2022-25647
CVE-2023-6378
CVE-2023-34455
CVE-2023-34454
CVE-2023-34453
CVE-2024-22195
CVE-2023-25613
CVE-2022-46751
CVE-2023-26145
CVE-2023-44981
CVE-2023-31486
CVE-2024-29180
CVE-2023-26159
CVE-2023-41419
CWE-ID CWE-94
CWE-681
CWE-264
CWE-200
CWE-20
CWE-269
CWE-347
CWE-185
CWE-400
CWE-502
CWE-190
CWE-79
CWE-90
CWE-611
CWE-639
CWE-295
CWE-22
CWE-601
CWE-444
Exploitation vector Network
Public exploit Public exploit code for vulnerability #3 is available.
Vulnerable software
QRadar User Behavior Analytics
Server applications / Other server solutions

Vendor IBM Corporation

Security Bulletin

This security bulletin contains information about 25 vulnerabilities.

1) Code Injection

EUVDB-ID: #VU51511

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-13936

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation. A remote attacker with ability to modify Velocity templates can inject and execute arbitrary Java code on the system with the same privileges as the account running the Servlet container.


Mitigation

Install update from vendor's website.

Vulnerable software versions

QRadar User Behavior Analytics: before 4.1.16

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150844


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Incorrect Conversion between Numeric Types

EUVDB-ID: #VU80783

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-3635

CWE-ID: CWE-681 - Incorrect Conversion between Numeric Types

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

QRadar User Behavior Analytics: before 4.1.16

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150844


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Security restrictions bypass

EUVDB-ID: #VU14426

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:F/RL:O/RC:C]

CVE-ID: CVE-2018-11770

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists in Apache Spark running standalone master with the REST API enabled, or running Mesos master with cluster mode enabled due to improper security restrictions. A remote unauthenticated attacker can use the REST API, execute a driver program without authentication and perform unauthorized actions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

QRadar User Behavior Analytics: before 4.1.16

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150844


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

4) Information disclosure

EUVDB-ID: #VU15539

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-11804

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to obtain potentially sensitive information.

The vulnerability exists due to improper security restrictions set on the build/mvn script. A remote attacker can send a specially crafted request that submits malicious input, download and run a zinc server to speed up compilation and access sensitive information in files readable to the developer account running the build.

Mitigation

Install update from vendor's website.

Vulnerable software versions

QRadar User Behavior Analytics: before 4.1.16

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150844


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper input validation

EUVDB-ID: #VU15993

Risk: Medium

CVSSv3.1: 8.3 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-17190

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper security restrictions and insufficient validation of user-supplied input. An adjacent attacker with access to a Spark standalone cluster can send a specially crafted request that submits malicious input and execute arbitrary code on the master host, which could be used to conduct further attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

QRadar User Behavior Analytics: before 4.1.16

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150844


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper Privilege Management

EUVDB-ID: #VU78721

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22946

CWE-ID: CWE-269 - Improper Privilege Management

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to improper privilege management. A local user can send specially crafted configuration-related classes on the classpath and exploit this vulnerability to execute arbitrary code with the privileges of the submitting user.

Mitigation

Install update from vendor's website.

Vulnerable software versions

QRadar User Behavior Analytics: before 4.1.16

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150844


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU82608

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-46234

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to an error in the dsaVerify() function when validating public keys. A remote attacker can construct a public key in a way that it will be accepted as valid by the affected application and perform spoofing attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

QRadar User Behavior Analytics: before 4.1.16

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150844


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Incorrect Regular Expression

EUVDB-ID: #VU87001

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-16137

CWE-ID: CWE-185 - Incorrect Regular Expression

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing regular expressions. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

QRadar User Behavior Analytics: before 4.1.16

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150844


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Information disclosure

EUVDB-ID: #VU87551

Risk: Low

CVSSv3.1: 3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-28849

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to credentials are shared via headers when following cross-domain redirects. A remote attacker can gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

QRadar User Behavior Analytics: before 4.1.16

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150844


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Resource exhaustion

EUVDB-ID: #VU85848

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-6481

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources in logback receiver component. A remote attacker can send send poisoned data, trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

QRadar User Behavior Analytics: before 4.1.16

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150844


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Resource exhaustion

EUVDB-ID: #VU77573

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-34462

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources if no idle timeout handler was configured. A remote attacker can send a client hello packet, which leads the server to buffer up to 16MB of data per connection and results in a denial of service condition.

Mitigation

Install update from vendor's website.

Vulnerable software versions

QRadar User Behavior Analytics: before 4.1.16

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150844


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Deserialization of Untrusted Data

EUVDB-ID: #VU64152

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-25647

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to insecure input validation when processing serialized data passed to writeReplace() method. A remote attacker can pass specially crafted data to the application and perform a denial of service attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

QRadar User Behavior Analytics: before 4.1.16

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150844


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Deserialization of Untrusted Data

EUVDB-ID: #VU85618

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-6378

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insecure input validation when processing serialized data in logback receiver component. A remote attacker can pass specially crafted data to the application and cause a denial of service condition on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

QRadar User Behavior Analytics: before 4.1.16

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150844


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Resource exhaustion

EUVDB-ID: #VU77362

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-34455

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

QRadar User Behavior Analytics: before 4.1.16

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150844


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Integer overflow

EUVDB-ID: #VU77361

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-34454

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow in compress. A remote attacker can pass specially crafted data to the application, trigger integer overflow and cause a denial of service condition on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

QRadar User Behavior Analytics: before 4.1.16

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150844


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Integer overflow

EUVDB-ID: #VU77359

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-34453

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow in shuffle. A remote attacker can pass specially crafted data to the application, trigger integer overflow and cause a denial of service condition on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

QRadar User Behavior Analytics: before 4.1.16

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150844


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Cross-site scripting

EUVDB-ID: #VU85368

Risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-22195

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data within the xmlattr filter. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install update from vendor's website.

Vulnerable software versions

QRadar User Behavior Analytics: before 4.1.16

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150844


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) LDAP injection

EUVDB-ID: #VU72492

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-25613

CWE-ID: CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to improper input validation when processing DLAP queries in LdapIdentityBackend. A remote non-authenticated attacker can send a specially crafted LDAP query to the application, bypass authentication process and gain unauthorized access to the application.

Mitigation

Install update from vendor's website.

Vulnerable software versions

QRadar User Behavior Analytics: before 4.1.16

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150844


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) XML External Entity injection

EUVDB-ID: #VU79749

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-46751

CWE-ID: CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied XML input. A remote attacker can pass a specially crafted XML code to the affected application and view contents of arbitrary files on the system or initiate requests to external systems.

Successful exploitation of the vulnerability may allow an attacker to view contents of arbitrary file on the server or perform network scanning of internal and external infrastructure.

Mitigation

Install update from vendor's website.

Vulnerable software versions

QRadar User Behavior Analytics: before 4.1.16

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150844


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Code Injection

EUVDB-ID: #VU85113

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-26145

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to pydash.objects.invoke() and pydash.collections.invoke_map() accept dotted paths (Deep Path Strings) to target a nested Python object, relative to the original source object. A remote attacker can use these paths to target internal class attributes and dict items, to retrieve, modify or invoke nested Python objects.

Mitigation

Install update from vendor's website.

Vulnerable software versions

QRadar User Behavior Analytics: before 4.1.16

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150844


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Authorization bypass through user-controlled key

EUVDB-ID: #VU83312

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-44981

CWE-ID: CWE-639 - Authorization Bypass Through User-Controlled Key

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authorization process.

The vulnerability exists due to improper implementation of SASL Quorum Peer authentication. The instance part in SASL authentication ID, which is listed in zoo.cfg server list, is optional and if it's missing, the authorization check will be skipped. As a result an arbitrary endpoint could join the cluster and begin propagating counterfeit changes to the leader, essentially giving it complete read-write access to the data tree.

Mitigation

Install update from vendor's website.

Vulnerable software versions

QRadar User Behavior Analytics: before 4.1.16

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150844


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper Certificate Validation

EUVDB-ID: #VU75606

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-31486

CWE-ID: CWE-295 - Improper Certificate Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to missing verification of the TLS certificate. A remote attacker can perform MitM attack and trick the application into downloading a malicious file.

Mitigation

Install update from vendor's website.

Vulnerable software versions

QRadar User Behavior Analytics: before 4.1.16

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150844


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Path traversal

EUVDB-ID: #VU90715

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29180

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to webpack-dev-middleware development middleware for devpack does not validate the supplied URL address sufficiently before returning the local file. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

QRadar User Behavior Analytics: before 4.1.16

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150844


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Open redirect

EUVDB-ID: #VU85369

Risk: Low

CVSSv3.1: 3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-26159

CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Exploit availability: No

Description

The vulnerability allows a remote attacker to redirect victims to arbitrary URL.

The vulnerability exists due to improper sanitization of user-supplied data within the url.parse() function. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.

Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

QRadar User Behavior Analytics: before 4.1.16

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150844


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Inconsistent interpretation of HTTP requests

EUVDB-ID: #VU82969

Risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-41419

CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests within keep-alive connection. A remote attacker can send several HTTP request to the server, bypass implemented filtration and smuggle arbitrary HTTP requests to the library.


Mitigation

Install update from vendor's website.

Vulnerable software versions

QRadar User Behavior Analytics: before 4.1.16

CPE2.3 External links

http://www.ibm.com/support/pages/node/7150844


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###