Risk | High |
Patch available | YES |
Number of vulnerabilities | 14 |
CVE-ID | CVE-2024-3596 CVE-2024-10963 CVE-2024-10041 CVE-2023-34462 CVE-2022-41915 CVE-2022-41881 CVE-2023-33546 CVE-2019-12900 CVE-2024-52316 CVE-2024-52317 CVE-2024-52318 CVE-2023-35116 CVE-2024-51504 CVE-2024-23454 |
CWE-ID | CWE-327 CWE-287 CWE-922 CWE-400 CWE-113 CWE-835 CWE-787 CWE-399 CWE-79 CWE-20 CWE-290 CWE-276 |
Exploitation vector | Network |
Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #10 is available. |
Vulnerable software |
IBM QRadar Incident Forensics Other software / Other software solutions IBM Qradar SIEM Client/Desktop applications / Other client software |
Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 14 vulnerabilities.
EUVDB-ID: #VU94063
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2024-3596
CWE-ID:
CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to use of a broken or risky cryptographic algorithm in RADIUS Protocol. A remote user can perform a man-in-the-middle (MitM) attack and gain access to target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM QRadar Incident Forensics: before 7.5.0 UP10 IF02
IBM Qradar SIEM: before 7.5.0 UP10 IF02
CPE2.3http://www.ibm.com/support/pages/node/7178556
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU100912
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-10963
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in pam_access module where certain rules in its configuration file are mistakenly treated as hostnames. A remote attacker can bypass authentication process and gain unauthorized access to the system.
Install update from vendor's website.
Vulnerable software versionsIBM QRadar Incident Forensics: before 7.5.0 UP10 IF02
IBM Qradar SIEM: before 7.5.0 UP10 IF02
CPE2.3 External linkshttp://www.ibm.com/support/pages/node/7178556
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100997
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-10041
CWE-ID:
CWE-922 - Insecure Storage of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to software stores secrets in memory in plain text. A local user can read the memory and obtain passwords in plain text when PAM is used to perform authentication.
Install update from vendor's website.
Vulnerable software versionsIBM QRadar Incident Forensics: before 7.5.0 UP10 IF02
IBM Qradar SIEM: before 7.5.0 UP10 IF02
CPE2.3 External linkshttp://www.ibm.com/support/pages/node/7178556
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU77573
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-34462
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources if no idle timeout handler was configured. A remote attacker can send a client hello packet, which leads the server to buffer up to 16MB of data per connection and results in a denial of service condition.
Install update from vendor's website.
Vulnerable software versionsIBM QRadar Incident Forensics: before 7.5.0 UP10 IF02
IBM Qradar SIEM: before 7.5.0 UP10 IF02
CPE2.3 External linkshttp://www.ibm.com/support/pages/node/7178556
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70119
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-41915
CWE-ID:
CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform HTTP splitting attacks.
The vulnerability exists due to software does not validate header values when calling DefaultHttpHeaders.set with an iterator of values. A remote attacker can inject arbitrary header values and perform HTTP splitting attacks.
Successful exploitation of the vulnerability may allow an attacker perform cache poisoning attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM QRadar Incident Forensics: before 7.5.0 UP10 IF02
IBM Qradar SIEM: before 7.5.0 UP10 IF02
CPE2.3 External linkshttp://www.ibm.com/support/pages/node/7178556
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU70118
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2022-41881
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the HaProxyMessageDecoder when parsing a TLV with type of "PP2_TYPE_SSL". A remote attacker can pass a specially crafted message to consume all available system resources and cause denial of service conditions.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM QRadar Incident Forensics: before 7.5.0 UP10 IF02
IBM Qradar SIEM: before 7.5.0 UP10 IF02
CPE2.3 External linkshttp://www.ibm.com/support/pages/node/7178556
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU79924
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-33546
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when using the expression evaluator.guess parameter name method. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsIBM QRadar Incident Forensics: before 7.5.0 UP10 IF02
IBM Qradar SIEM: before 7.5.0 UP10 IF02
CPE2.3 External linkshttp://www.ibm.com/support/pages/node/7178556
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU19178
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2019-12900
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionInstall update from vendor's website.
Vulnerable software versionsIBM QRadar Incident Forensics: before 7.5.0 UP10 IF02
IBM Qradar SIEM: before 7.5.0 UP10 IF02
CPE2.3 External linkshttp://www.ibm.com/support/pages/node/7178556
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100588
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-52316
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error when processing authentication requests. If Tomcat was configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not have failed, allowing the user to bypass the authentication process.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM QRadar Incident Forensics: before 7.5.0 UP10 IF02
IBM Qradar SIEM: before 7.5.0 UP10 IF02
CPE2.3 External linkshttp://www.ibm.com/support/pages/node/7178556
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU100587
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2024-52317
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to improper management of internal resources when handling HTTP/2 responses, which causes request and/or response mix-up between users. A remote non-authenticated attacker can send a series of HTTP/2 requests and gain access to sensitive information.
Install update from vendor's website.
Vulnerable software versionsIBM QRadar Incident Forensics: before 7.5.0 UP10 IF02
IBM Qradar SIEM: before 7.5.0 UP10 IF02
CPE2.3 External linkshttp://www.ibm.com/support/pages/node/7178556
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU100591
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-52318
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in generated JSPs. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM QRadar Incident Forensics: before 7.5.0 UP10 IF02
IBM Qradar SIEM: before 7.5.0 UP10 IF02
CPE2.3 External linkshttp://www.ibm.com/support/pages/node/7178556
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU82122
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-35116
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote authenticated user to perform service disruption.
The vulnerability exists due to improper input validation within the Oracle Database Fleet Patching and Provisioning (jackson-databind) in Oracle Database Server. A remote authenticated user can exploit this vulnerability to perform service disruption.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM QRadar Incident Forensics: before 7.5.0 UP10 IF02
IBM Qradar SIEM: before 7.5.0 UP10 IF02
CPE2.3 External linkshttp://www.ibm.com/support/pages/node/7178556
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU99975
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-51504
CWE-ID:
CWE-290 - Authentication Bypass by Spoofing
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass IP-based authentication.
The vulnerability exists due to IPAuthenticationProvider is using the X-Forwarded-For HTTP header when authenticated users by IP address in the Admin Server. A remote attacker can pass a trusted IP addresses via the X-Forwarded-For HTTP header and gain unauthorized access to the application.
Install update from vendor's website.
Vulnerable software versionsIBM QRadar Incident Forensics: before 7.5.0 UP10 IF02
IBM Qradar SIEM: before 7.5.0 UP10 IF02
CPE2.3 External linkshttp://www.ibm.com/support/pages/node/7178556
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU97712
Risk: Low
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-23454
CWE-ID:
CWE-276 - Incorrect Default Permissions
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to the RunJar.run() method does not set permissions for temporary directory by default. A local user with access to the system can view contents of files and directories.
Install update from vendor's website.
Vulnerable software versionsIBM QRadar Incident Forensics: before 7.5.0 UP10 IF02
IBM Qradar SIEM: before 7.5.0 UP10 IF02
CPE2.3 External linkshttp://www.ibm.com/support/pages/node/7178556
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.