Risk | High |
Patch available | YES |
Number of vulnerabilities | 17 |
CVE-ID | CVE-2024-34156 CVE-2024-34750 CVE-2024-5569 CVE-2024-6221 CVE-2023-26136 CVE-2024-41818 CVE-2024-38428 CVE-2024-34158 CVE-2024-34155 CVE-2023-50314 CVE-2024-42367 CVE-2024-39338 CVE-2024-24789 CVE-2023-6228 CVE-2023-52356 CVE-2023-25433 CVE-2018-15209 |
CWE-ID | CWE-400 CWE-399 CWE-835 CWE-200 CWE-1321 CWE-1333 CWE-20 CWE-61 CWE-918 CWE-122 CWE-787 CWE-119 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #4 is available. |
Vulnerable software |
IBM Cloud Pak for Security Server applications / Other server solutions QRadar Suite Server applications / IDS/IPS systems, Firewalls and proxy servers |
Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 17 vulnerabilities.
EUVDB-ID: #VU97216
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-34156
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to encoding/gob does not properly control consumption of internal resources when calling Decoder.Decode. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Note, this vulnerability is related to #VU66068 (CVE-2024-34156).
Install update from vendor's website.
Vulnerable software versionsIBM Cloud Pak for Security: 1.10.0.0 - 1.10.11.0
QRadar Suite: before 1.10.26.0
CPE2.3http://www.ibm.com/support/pages/node/7172678
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93732
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-34750
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when handling HTTP/2 stream. A remote attacker can initiate multiple HTTP/2 connections to the server that are remain open and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Cloud Pak for Security: 1.10.0.0 - 1.10.11.0
QRadar Suite: before 1.10.26.0
CPE2.3http://www.ibm.com/support/pages/node/7172678
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU94792
Risk: Medium
CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-5569
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop. A remote attacker can pass a specially crafted zip file to the application, consume all available system resources and cause denial of service conditions.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Cloud Pak for Security: 1.10.0.0 - 1.10.11.0
QRadar Suite: before 1.10.26.0
CPE2.3http://www.ibm.com/support/pages/node/7172678
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96730
Risk: Medium
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2024-6221
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application within the "Access-Control-Allow-Private-Network" CORS header. A remote attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Cloud Pak for Security: 1.10.0.0 - 1.10.11.0
QRadar Suite: before 1.10.26.0
CPE2.3http://www.ibm.com/support/pages/node/7172678
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU80323
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-26136
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary JavaScript code.
The vulnerability exists due to improper input validation. A remote attacker can pass specially crafted input to the application and perform prototype pollution, which can result in information disclosure or data manipulation.
Install update from vendor's website.
Vulnerable software versionsIBM Cloud Pak for Security: 1.10.0.0 - 1.10.11.0
QRadar Suite: before 1.10.26.0
CPE2.3http://www.ibm.com/support/pages/node/7172678
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97478
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-41818
CWE-ID:
CWE-1333 - Inefficient Regular Expression Complexity
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing untrusted input with a regular expressions. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
Install update from vendor's website.
Vulnerable software versionsIBM Cloud Pak for Security: 1.10.0.0 - 1.10.11.0
QRadar Suite: before 1.10.26.0
CPE2.3http://www.ibm.com/support/pages/node/7172678
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU93077
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-38428
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to improper input validation of URL when parsing strings with semicolons within the scheme_leading_string() function in url.c. A remote attacker can pass a specially crafted URL to the application and influence its behavior in which data that was supposed to be in the userinfo subcomponent is misinterpreted to be part of the host subcomponent.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Cloud Pak for Security: 1.10.0.0 - 1.10.11.0
QRadar Suite: before 1.10.26.0
CPE2.3http://www.ibm.com/support/pages/node/7172678
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97217
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-34158
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to go/build/constraint does not properly control consumption of internal resources when calling Parse on a "// +build" build tag line with deeply nested expressions. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Cloud Pak for Security: 1.10.0.0 - 1.10.11.0
QRadar Suite: before 1.10.26.0
CPE2.3http://www.ibm.com/support/pages/node/7172678
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97215
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-34155
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to go/parser does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Cloud Pak for Security: 1.10.0.0 - 1.10.11.0
QRadar Suite: before 1.10.26.0
CPE2.3http://www.ibm.com/support/pages/node/7172678
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96058
Risk: Low
CVSSv4.0: 0.6 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-50314
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote attacker can use a certificate issued by a trusted authority to obtain sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Cloud Pak for Security: 1.10.0.0 - 1.10.11.0
QRadar Suite: before 1.10.26.0
CPE2.3http://www.ibm.com/support/pages/node/7172678
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96003
Risk: High
CVSSv4.0: 8 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-42367
CWE-ID:
CWE-61 - UNIX Symbolic Link (Symlink) Following
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a symlink following issue when handling static routes which contain files with compressed variants in the FileResponse class even when "follow_symlinks=False" is set. A remote attacker can pass a specially crafted file to the application and perform directory traversal attacks.
Install update from vendor's website.
Vulnerable software versionsIBM Cloud Pak for Security: 1.10.0.0 - 1.10.11.0
QRadar Suite: before 1.10.26.0
CPE2.3http://www.ibm.com/support/pages/node/7172678
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU96050
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-39338
CWE-ID:
CWE-918 - Server-Side Request Forgery (SSRF)
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Cloud Pak for Security: 1.10.0.0 - 1.10.11.0
QRadar Suite: before 1.10.26.0
CPE2.3http://www.ibm.com/support/pages/node/7172678
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU91159
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-24789
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to manipulate data.
The vulnerability exists due to insufficient validation of user-supplied input in archive/zip when handling zip archives. A remote attacker can create a zip file with content that will vary depending on the implementation reading the file.
Install update from vendor's website.
Vulnerable software versionsIBM Cloud Pak for Security: 1.10.0.0 - 1.10.11.0
QRadar Suite: before 1.10.26.0
CPE2.3http://www.ibm.com/support/pages/node/7172678
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86757
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-6228
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the cpStripToTile() function in libtiff/tools/tiffcp.c. A remote attacker can pass a specially crafted TIFF image to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Cloud Pak for Security: 1.10.0.0 - 1.10.11.0
QRadar Suite: before 1.10.26.0
CPE2.3http://www.ibm.com/support/pages/node/7172678
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86755
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2023-52356
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input within the TIFFReadRGBATileExt() API. A remote attacker can pass a specially crafted TIFF file to the application, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Cloud Pak for Security: 1.10.0.0 - 1.10.11.0
QRadar Suite: before 1.10.26.0
CPE2.3http://www.ibm.com/support/pages/node/7172678
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU78285
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-25433
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing TIFF images within the rotateImage() function in /libtiff/tools/tiffcrop.c. A remote attacker can pass a specially crafted image to the application, trigger memory corruption and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsIBM Cloud Pak for Security: 1.10.0.0 - 1.10.11.0
QRadar Suite: before 1.10.26.0
CPE2.3http://www.ibm.com/support/pages/node/7172678
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU16203
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-15209
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to heap-based buffer overflow in ChopUpSingleUncompressedStrip in tif_dirread.c. A remote unauthenticated attacker can trick the victim into opening a specially crafted crafted TIFF file, trigger memory corruption and cause the affected software to crash, resulting in a DoS condition.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Cloud Pak for Security: 1.10.0.0 - 1.10.11.0
QRadar Suite: before 1.10.26.0
CPE2.3http://www.ibm.com/support/pages/node/7172678
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.