Multiple vulnerabilities in IBM QRadar Suite software
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 21 |
| CVE-ID | CVE-2024-28102 CVE-2021-43565 CVE-2023-25809 CVE-2022-29162 CVE-2021-43784 CVE-2023-28642 CVE-2021-30465 CVE-2023-27561 CVE-2024-21501 CVE-2024-21503 CVE-2024-24758 CVE-2023-26159 CVE-2024-27088 CVE-2015-3627 CVE-2023-28841 CVE-2023-28842 CVE-2023-28840 CVE-2023-45857 CVE-2024-1135 CVE-2023-46136 CVE-2023-44270 |
| CWE-ID | CWE-400 CWE-20 CWE-281 CWE-264 CWE-190 CWE-254 CWE-284 CWE-200 CWE-601 CWE-61 CWE-311 CWE-420 CWE-352 CWE-444 CWE-407 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
QRadar Suite Server applications / IDS/IPS systems, Firewalls and proxy servers |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 21 vulnerabilities.
1) Resource exhaustion
EUVDB-ID: #VU87180
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-28102
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when processing highly compressed data within the deserialize() function. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsQRadar Suite: 1.10.12.0 - 1.10.20.0
CPE2.3- cpe:2.3:a:ibm_corporation:qradar:1.10.12.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.13.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.14.0:*:*:*:*:*:*:
http://www.ibm.com/support/pages/node/7150150
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Input validation error
EUVDB-ID: #VU64805
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-43565
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when parsing a Signer to ServerConfig.AddHostKey in cases where the Signer passed to AddHostKey does not implement AlgorithmSigner or the Signer passed to AddHostKey returns a key of type “ssh-rsa” from its PublicKey method. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsQRadar Suite: 1.10.12.0 - 1.10.20.0
CPE2.3- cpe:2.3:a:ibm_corporation:qradar:1.10.12.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.13.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.14.0:*:*:*:*:*:*:
http://www.ibm.com/support/pages/node/7150150
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Improper Preservation of Permissions
EUVDB-ID: #VU74189
Risk: Low
CVSSv3.1: 2.2 [CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25809
CWE-ID:
CWE-281 - Improper preservation of permissions
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise the target system.
The vulnerability exists due to the rootless "/sys/fs/cgroup" is writable when cgroupns is not unshared. A local administrator can gain the write access to user-owned cgroup hierarchy "/sys/fs/cgroup/user.slice/..." on the host.
MitigationInstall update from vendor's website.
Vulnerable software versionsQRadar Suite: 1.10.12.0 - 1.10.20.0
CPE2.3- cpe:2.3:a:ibm_corporation:qradar:1.10.12.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.13.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.14.0:*:*:*:*:*:*:
http://www.ibm.com/support/pages/node/7150150
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU63090
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-29162
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to containers are incorrectly started with non-empty inheritable Linux process capabilities, which leads to security restrictions bypass and privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsQRadar Suite: 1.10.12.0 - 1.10.20.0
CPE2.3- cpe:2.3:a:ibm_corporation:qradar:1.10.12.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.13.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.14.0:*:*:*:*:*:*:
http://www.ibm.com/support/pages/node/7150150
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Integer overflow
EUVDB-ID: #VU58522
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-43784
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in netlink bytemsg length field. A remote authenticated attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsQRadar Suite: 1.10.12.0 - 1.10.20.0
CPE2.3- cpe:2.3:a:ibm_corporation:qradar:1.10.12.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.13.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.14.0:*:*:*:*:*:*:
http://www.ibm.com/support/pages/node/7150150
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper Preservation of Permissions
EUVDB-ID: #VU74193
Risk: Medium
CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28642
CWE-ID:
CWE-281 - Improper preservation of permissions
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to improper preservation of permissions in the AppArmor and SELinux when /proc inside the container is symlinked with a specific mount configuration. A remote attacker can gain access to the target application.
MitigationInstall update from vendor's website.
Vulnerable software versionsQRadar Suite: 1.10.12.0 - 1.10.20.0
CPE2.3- cpe:2.3:a:ibm_corporation:qradar:1.10.12.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.13.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.14.0:*:*:*:*:*:*:
http://www.ibm.com/support/pages/node/7150150
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Security features bypass
EUVDB-ID: #VU53399
Risk: Low
CVSSv3.1: 6.6 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30465
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the security features bypass issue. A remote authenticated attacker on the local network can perform a symlink exchange attack and host filesystem being bind-mounted into the container.
MitigationInstall update from vendor's website.
Vulnerable software versionsQRadar Suite: 1.10.12.0 - 1.10.20.0
CPE2.3- cpe:2.3:a:ibm_corporation:qradar:1.10.12.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.13.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.14.0:*:*:*:*:*:*:
http://www.ibm.com/support/pages/node/7150150
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Improper access control
EUVDB-ID: #VU74190
Risk: Low
CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-27561
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise the target system.
The vulnerability exists due to improper access restrictions in the libcontainer/rootfs_linux.go. A local user can gain elevated privileges on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsQRadar Suite: 1.10.12.0 - 1.10.20.0
CPE2.3- cpe:2.3:a:ibm_corporation:qradar:1.10.12.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.13.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.14.0:*:*:*:*:*:*:
http://www.ibm.com/support/pages/node/7150150
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Information disclosure
EUVDB-ID: #VU88801
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21501
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application when used on the backend and with the style attribute allowed. A remote attacker can enumerate files on the system, including project dependencies.
Install update from vendor's website.
Vulnerable software versionsQRadar Suite: 1.10.12.0 - 1.10.20.0
CPE2.3- cpe:2.3:a:ibm_corporation:qradar:1.10.12.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.13.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.14.0:*:*:*:*:*:*:
http://www.ibm.com/support/pages/node/7150150
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Input validation error
EUVDB-ID: #VU87583
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-21503
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsQRadar Suite: 1.10.12.0 - 1.10.20.0
CPE2.3- cpe:2.3:a:ibm_corporation:qradar:1.10.12.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.13.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.14.0:*:*:*:*:*:*:
http://www.ibm.com/support/pages/node/7150150
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Information disclosure
EUVDB-ID: #VU86709
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-24758
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the application does not clear the Proxy-Authentication HTTP header when handling cross-origin redirects. A remote attacker can gain access to sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsQRadar Suite: 1.10.12.0 - 1.10.20.0
CPE2.3- cpe:2.3:a:ibm_corporation:qradar:1.10.12.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.13.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.14.0:*:*:*:*:*:*:
http://www.ibm.com/support/pages/node/7150150
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Open redirect
EUVDB-ID: #VU85369
Risk: Low
CVSSv3.1: 3 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-26159
CWE-ID:
CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to redirect victims to arbitrary URL.
The vulnerability exists due to improper sanitization of user-supplied data within the url.parse() function. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.
Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.
MitigationInstall update from vendor's website.
Vulnerable software versionsQRadar Suite: 1.10.12.0 - 1.10.20.0
CPE2.3- cpe:2.3:a:ibm_corporation:qradar:1.10.12.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.13.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.14.0:*:*:*:*:*:*:
http://www.ibm.com/support/pages/node/7150150
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Resource exhaustion
EUVDB-ID: #VU88394
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-27088
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A local privileged user can pass functions with very long names or complex default argument names into `function#copy` or `function#toStringTokens` and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsQRadar Suite: 1.10.12.0 - 1.10.20.0
CPE2.3- cpe:2.3:a:ibm_corporation:qradar:1.10.12.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.13.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.14.0:*:*:*:*:*:*:
http://www.ibm.com/support/pages/node/7150150
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) UNIX symbolic link following
EUVDB-ID: #VU66857
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-3627
CWE-ID:
CWE-61 - UNIX Symbolic Link (Symlink) Following
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a symlink following issue, because Docker opens the file-descriptor passed to the pid-1 process before performing the chroot. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.
Successful exploitation of this vulnerability may result in privilege escalation.
MitigationInstall update from vendor's website.
Vulnerable software versionsQRadar Suite: 1.10.12.0 - 1.10.20.0
CPE2.3- cpe:2.3:a:ibm_corporation:qradar:1.10.12.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.13.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.14.0:*:*:*:*:*:*:
http://www.ibm.com/support/pages/node/7150150
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Missing Encryption of Sensitive Data
EUVDB-ID: #VU74467
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28841
CWE-ID:
CWE-311 - Missing Encryption of Sensitive Data
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to missing encryption of sensitive data within the overlay network driver. A remote attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsQRadar Suite: 1.10.12.0 - 1.10.20.0
CPE2.3- cpe:2.3:a:ibm_corporation:qradar:1.10.12.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.13.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.14.0:*:*:*:*:*:*:
http://www.ibm.com/support/pages/node/7150150
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Unprotected Alternate Channel
EUVDB-ID: #VU74469
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28842
CWE-ID:
CWE-420 - Unprotected Alternate Channel
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to unprotected alternate channel within encrypted overlay networks. A remote attacker can inject arbitrary Ethernet frames into the encrypted overlay network by encapsulating them in VXLAN datagrams.
Install update from vendor's website.
Vulnerable software versionsQRadar Suite: 1.10.12.0 - 1.10.20.0
CPE2.3- cpe:2.3:a:ibm_corporation:qradar:1.10.12.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.13.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.14.0:*:*:*:*:*:*:
http://www.ibm.com/support/pages/node/7150150
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Unprotected Alternate Channel
EUVDB-ID: #VU74468
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-28840
CWE-ID:
CWE-420 - Unprotected Alternate Channel
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to unprotected alternate channel within encrypted overlay networks. A remote attacker can inject arbitrary Ethernet frames into the encrypted overlay network and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsQRadar Suite: 1.10.12.0 - 1.10.20.0
CPE2.3- cpe:2.3:a:ibm_corporation:qradar:1.10.12.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.13.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.14.0:*:*:*:*:*:*:
http://www.ibm.com/support/pages/node/7150150
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Cross-site request forgery
EUVDB-ID: #VU82558
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-45857
CWE-ID:
CWE-352 - Cross-Site Request Forgery (CSRF)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.
MitigationInstall update from vendor's website.
Vulnerable software versionsQRadar Suite: 1.10.12.0 - 1.10.20.0
CPE2.3- cpe:2.3:a:ibm_corporation:qradar:1.10.12.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.13.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.14.0:*:*:*:*:*:*:
http://www.ibm.com/support/pages/node/7150150
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Inconsistent interpretation of HTTP requests
EUVDB-ID: #VU89167
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2024-1135
CWE-ID:
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests when handling Transfer-Encoding headers. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsQRadar Suite: 1.10.12.0 - 1.10.20.0
CPE2.3- cpe:2.3:a:ibm_corporation:qradar:1.10.12.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.13.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.14.0:*:*:*:*:*:*:
http://www.ibm.com/support/pages/node/7150150
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Inefficient Algorithmic Complexity
EUVDB-ID: #VU82548
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-46136
CWE-ID:
CWE-407 - Inefficient Algorithmic Complexity
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to high resource usage when parsing multipart/form-data. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsQRadar Suite: 1.10.12.0 - 1.10.20.0
CPE2.3- cpe:2.3:a:ibm_corporation:qradar:1.10.12.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.13.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.14.0:*:*:*:*:*:*:
http://www.ibm.com/support/pages/node/7150150
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Input validation error
EUVDB-ID: #VU81307
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-44270
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to insufficient validation of external CSS files when parsing the "\r" character. A remote attacker can pass specially crafted input to the application and perform spoofing attack.
Install update from vendor's website.
Vulnerable software versionsQRadar Suite: 1.10.12.0 - 1.10.20.0
CPE2.3- cpe:2.3:a:ibm_corporation:qradar:1.10.12.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.13.0:*:*:*:*:*:*:
- cpe:2.3:a:ibm_corporation:qradar:1.10.14.0:*:*:*:*:*:*:
http://www.ibm.com/support/pages/node/7150150
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
