Multiple vulnerabilities in IBM QRadar Network Security
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 9 |
| CVE-ID | CVE-2018-11782 CVE-2019-19956 CVE-2019-20388 CVE-2020-7595 CVE-2019-5094 CVE-2019-5188 CVE-2017-12652 CVE-2019-11068 CVE-2019-18197 |
| CWE-ID | CWE-617 CWE-401 CWE-835 CWE-787 CWE-20 CWE-264 CWE-119 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #5 is available. Public exploit code for vulnerability #6 is available. |
| Vulnerable software |
IBM QRadar Network Security Web applications / Other software |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 9 vulnerabilities.
1) Reachable Assertion
EUVDB-ID: #VU19589
Risk: Medium
CVSSv4.0: 4.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2018-11782
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion when handling svnserve 'get-deleted-rev' requests. A remote authenticated attacker with read-only permissions can make the server to reply with incorrect revision number that will lead to svnserve crash.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM QRadar Network Security: 5.4.0 - 5.5.0.7
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_qradar_network_security:5.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_network_security:5.4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_network_security:5.4.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/6441625
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Memory leak
EUVDB-ID: #VU24489
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-19956
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak in xmlParseBalancedChunkMemoryRecover in parser.c. A remote attacker can trigger a memory leak related to newDoc->oldNs and perform denial of service attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM QRadar Network Security: 5.4.0 - 5.5.0.7
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_qradar_network_security:5.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_network_security:5.4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_network_security:5.4.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/6441625
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Memory leak
EUVDB-ID: #VU24487
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-20388
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak in xmlSchemaPreRun in xmlschemas.c. A remote attacker can trigger a xmlSchemaValidateStream memory leak and perform denial of service attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM QRadar Network Security: 5.4.0 - 5.5.0.7
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_qradar_network_security:5.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_network_security:5.4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_network_security:5.4.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/6441625
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Infinite loop
EUVDB-ID: #VU24488
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-7595
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in xmlStringLenDecodeEntities in parser.c. A remote attacker can consume all available system resources and cause denial of service conditions in a certain end-of-file situation.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM QRadar Network Security: 5.4.0 - 5.5.0.7
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_qradar_network_security:5.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_network_security:5.4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_network_security:5.4.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/6441625
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Out-of-bounds write
EUVDB-ID: #VU21329
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2019-5094
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the quota file functionality. A local user can send a specially crafted xt4 partition, trigger out-of-bounds write on the heap and execute arbitrary code on the target system.
Note: An attacker can corrupt a partition to trigger this vulnerability.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM QRadar Network Security: 5.4.0 - 5.5.0.7
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_qradar_network_security:5.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_network_security:5.4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_network_security:5.4.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/6441625
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
6) Out-of-bounds write
EUVDB-ID: #VU24078
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2019-5188
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the directory rehashing functionality in "rehash.c" within the "mutate_name()" function. A local user can use a specially crafted ext4 directory, trigger out-of-bounds write on the stack and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM QRadar Network Security: 5.4.0 - 5.5.0.7
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_qradar_network_security:5.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_network_security:5.4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_network_security:5.4.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/6441625
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
7) Input validation error
EUVDB-ID: #VU19180
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-12652
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in libpng when checking the chuck length against the user limit. A remote attacker can supply a specially crafted PNG image and crash the affected application.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM QRadar Network Security: 5.4.0 - 5.5.0.7
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_qradar_network_security:5.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_network_security:5.4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_network_security:5.4.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/6441625
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU18276
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-11068
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to an error within the xsltCheckRead() and xsltCheckWrite() functions when processing requests from remote servers. A remote attacker can trick the victim into opening a specially crafted URL that will result in "-1 error" code but the URL itself will be processed by the application later.
Successful exploitation of the vulnerability may allow an attacker to bypass certain security restrictions and perform XXE attacks.Mitigation
Install update from vendor's website.
Vulnerable software versionsIBM QRadar Network Security: 5.4.0 - 5.5.0.7
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_qradar_network_security:5.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_network_security:5.4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_network_security:5.4.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/6441625
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Buffer overflow
EUVDB-ID: #VU21942
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2019-18197
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the xsltCopyText() function in transform.c in libxslt. A remote attacker can create a specially crafted XML document, pass it to the affected application, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM QRadar Network Security: 5.4.0 - 5.5.0.7
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_qradar_network_security:5.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_network_security:5.4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_network_security:5.4.0.2:*:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/6441625
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
