SB2023070708 - Multiple vulnerabilities in IBM QRadar SIEM 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023070708

SB2023070708 - Multiple vulnerabilities in IBM QRadar SIEM

Published: July 7, 2023 Updated: June 7, 2024

Security Bulletin ID SB2023070708
Severity
High
Patch available
YES
Number of vulnerabilities 42
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

High 17% Medium 60% Low 24%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 42 secuirty vulnerabilities.


1) Prototype pollution (CVE-ID: CVE-2021-43138)

The vulnerability allows a remote attacker to escalate privileges within the application.

The vulnerability exists due to improper input validation when handling data passed via the mapValues() method. A remote attacker can send a specially crafted request and escalate privileges within the application.


2) Out-of-bounds write (CVE-ID: CVE-2022-43750)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.


3) Out-of-bounds write (CVE-ID: CVE-2022-40151)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a boundary error if the parser is running on user supplied input. A remote attacker can pass a specially crafted XML input to the application and perform a denial of service attack.


4) Double Free (CVE-ID: CVE-2023-1999)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in libwebp. A remote attacker can trick the victim to visit a specially crafted page, trigger a double free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


5) Resource exhaustion (CVE-ID: CVE-2022-42004)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control usage of deeply nested arrays in BeanDeserializer._deserializeFromArray. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


6) Deserialization of Untrusted Data (CVE-ID: CVE-2022-42003)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insecure input validation when processing serialized data when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. A remote attacker can pass specially crafted data to the application and cause a denial of service condition on the target system.


7) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2023-20859)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to software stores sensitive information into log files when application attempts to revoke a Vault batch token. A local user can read the log files and gain access to sensitive data.


8) Resource exhaustion (CVE-ID: CVE-2022-34917)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote non-authenticated attacker with ability to establish a network connection with the Apache Kafka broker can consume all available memory resources on the system and perform a denial of service (DoS) attack.


9) Deserialization of Untrusted Data (CVE-ID: CVE-2023-25194)

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability exists due to Apache Kafka Connect performs deserialization of data retrieved from the configured LDAP server in "com.sun.security.auth.module.JndiLoginModule". A remote user ability to create/modify connectors on the server with an arbitrary Kafka client SASL JAAS config can configure the server to connect to a malicious LDAP server and execute arbitrary Java code on the system.


10) Stack-based buffer overflow (CVE-ID: CVE-2022-4378)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the __do_proc_dointvec() function. A local user can trigger a stack-based buffer overflow and execute arbitrary code with elevated privileges.


11) Sensitive cookie in HTTPS session without Secure attribute (CVE-ID: CVE-2023-28708)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to Apache Tomcat does not set the "Secure" attribute for the JSESSIONID session cookie when using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https. A remote attacker can force the application to transmit cookie via an insecure channel and intercept it.


12) Use-after-free (CVE-ID: CVE-2022-42703)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the mm/rmap.c in the Linux kernel, related to leaf anon_vma double reuse. A local user can trigger a use-after-free error and crash the kernel.


13) Out-of-bounds write (CVE-ID: CVE-2023-0767)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing PKCS 12 Safe Bag attributes. A remote attacker can create a specially crafted PKCS 12 cert bundle, trick the victim into loading it, trigger an out-of-bounds write and execute arbitrary code on the target system.


14) Improper input validation (CVE-ID: CVE-2015-0254)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The vulnerability exists due to improper input validation within the Information Manager Console (Apache Standard Taglibs) component in Oracle Knowledge. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.


15) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2022-38023)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to security features bypass in Netlogon RPC. A remote attacker can bypass the Netlogon cryptography feature for signing and sealing traffic during Netlogon authentication.


16) Heap-based buffer overflow (CVE-ID: CVE-2022-37434)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing a large gzip header within inflateGetHeader in inflate.c. A remote attacker can pass a specially crafted file to the affected application, trigger heap-based buffer overflow and execute arbitrary code on the target system.



17) Integer overflow (CVE-ID: CVE-2022-23521)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient validation of user-supplied input when parsing the .gitattributes attributes. A remote attacker can trick the victim into cloning a specially crafted repository and execute arbitrary code on the system.


18) Heap-based buffer overflow (CVE-ID: CVE-2022-41903)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error during git archive invocation. A remote attacker can trick the victim into using the application against a specially crafted archive, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


19) Input validation error (CVE-ID: CVE-2023-20861)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of SpEL expressions. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.


20) Input validation error (CVE-ID: CVE-2023-20863)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote user can use a specially crafted SpEL expression and perform a denial of service (DoS) attack.


21) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2023-24998)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to Apache Commons FileUpload does not limit the number of request parts. A remote attacker can initiate a series of uploads and perform a denial of service (DoS) attack.


22) Out-of-bounds write (CVE-ID: CVE-2022-45693)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack..

The vulnerability exists due to a boundary error when processing data passed via the map parameter. A remote attacker can pass specially crafted input to the application, trigger an out-of-bounds write and perform a denial of service (DoS) attack.

23) Information disclosure (CVE-ID: CVE-2018-20060)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to Authorization HTTP header is not removed from the HTTP request during request redirection in "urllib3/util/retry.py". A remote attacker can intercept the request and gain access to sensitive information, passed via Authorization HTTP header.


24) Input validation error (CVE-ID: CVE-2023-24329)

The vulnerability allows a remote attacker to bypass implemented filters.

The vulnerability exists due to insufficient validation of URLs that start with blank characters within urllib.parse component of Python. A remote attacker can pass specially crafted URL to bypass existing filters.


25) Uncontrolled Recursion (CVE-ID: CVE-2023-1436)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to uncontrolled recursion when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.


26) Type Confusion (CVE-ID: CVE-2023-0286)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a type confusion error related to X.400 address processing inside an X.509 GeneralName. A remote attacker can pass specially crafted data to the application, trigger a type confusion error and perform a denial of service (DoS) attack or read memory contents.

In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.


27) CRLF injection (CVE-ID: CVE-2019-9740)

The vulnerability allows a remote attacker to perform CRLF injection attacks.

The vulnerability exists within urllib2 implementation for Python 2.x and urllib3 implementation for Python 3.x when processing the path component of a URL after the "?" character within the urllib.request.urlopen() call. A remote attacker with ability to control URL, passed to the application, can use CRLF sequences to split the HTTP request and inject arbitrary HTTP headers into request, made by the application.


28) Infinite loop (CVE-ID: CVE-2021-3737)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop. A remote attacker who controls a malicious server can force the client to enter an infinite loop on a 100 Continue response.


29) CRLF injection (CVE-ID: CVE-2022-0391)

The vulnerability allows a remote attacker to inject arbitrary data in server response.

The vulnerability exists due to insufficient validation of attacker-supplied data within the urllib.parse module in Python. A remote attacker can pass specially crafted data to the application containing CR-LF characters and modify application behavior.


30) Resource exhaustion (CVE-ID: CVE-2022-45061)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to usage of an unnecessary quadratic algorithm in one path when processing some inputs to the IDNA (RFC 3490) decoder. A remote attacker can pass a specially crafted name to he decoder, trigger resource excessive CPU consumption and perform a denial of service (DoS) attack.


31) Input validation error (CVE-ID: CVE-2021-23336)

The vulnerability allows a remote attacker to perform web cache spoofing attack.

The vulnerability exists due to insufficient validation of user-supplied input in django.utils.http.limited_parse_qsl() when parsing strings with a semicolon (";"). A remote attacker can pass specially crafted data to the application and perform a spoofing attack.


32) Open redirect (CVE-ID: CVE-2021-28861)

The vulnerability allows a remote attacker to redirect victims to arbitrary URL.

The vulnerability exists due to improper sanitization of user-supplied data in lib/http/server.py due to missing protection against multiple (/) at the beginning of URI path. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.

Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.


33) Out-of-bounds write (CVE-ID: CVE-2022-40149)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when processing untrusted XML or JSON data. A remote attacker can pass specially crafted input to the application, trigger an out-of-bounds write and perform a denial of service (DoS) attack.


34) CRLF injection (CVE-ID: CVE-2019-18348)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

An issue was discovered in urllib2 in Python 2.x through 2.7.17 and urllib in Python 3.x through 3.8.0. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the first argument to urllib.request.urlopen with (specifically in the host component of a URL) followed by an HTTP header. This is similar to the CVE-2019-9740 query string issue and the CVE-2019-9947 path string issue. (This is not exploitable when glibc has CVE-2016-10739 fixed.)


35) CRLF injection (CVE-ID: CVE-2020-26116)

The vulnerability allows a remote attacker to inject arbitrary data in server response.

The vulnerability exists due to insufficient validation of attacker-supplied data in "http.client". A remote attacker can pass specially crafted data to the application containing CR-LF characters and modify application behavior.


36) Resource management error (CVE-ID: CVE-2021-3733)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application within the AbstractBasicAuthHandler class in urllib. A remote attacker with control over the server can perform regular expression denial of service attack during authentication.


37) OS Command Injection (CVE-ID: CVE-2015-20107)

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the mailcap module, which does not escape characters into commands discovered in the system mailcap file. A remote unauthenticated attacker can pass specially crafted data to the applications that call mailcap.findmatch with untrusted input and execute arbitrary OS commands on the target system.



38) Input validation error (CVE-ID: CVE-2023-20860)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an input validation error caused by using the wildcard ("**") as a pattern in Spring Security configuration with the mvcRequestMatcher, which creates a mismatch in pattern matching between Spring Security and Spring MVC. A remote attacker can bypass certain security restrictions.


39) Cross-site scripting (CVE-ID: CVE-2019-8331)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


40) Cross-site scripting (CVE-ID: CVE-2016-10735)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data passed via the "data-target" attribute. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


41) Resource exhaustion (CVE-ID: CVE-2022-40150)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when processing untrusted XML or JSON data. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


42) Out-of-bounds write (CVE-ID: CVE-2022-45685)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack..

The vulnerability exists due to a boundary error when processing crafted JSON data. A remote attacker can pass specially crafted input to the application, trigger an out-of-bounds write and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References