====================================================================

                             CERT-Renater

                 Note d'Information No. 2021/VULN074
_____________________________________________________________________

DATE                : 04/02/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S):  Systems running IBM QRadar SIEM versions prior to
                          7.4.2 Patch 2, 7.4.1 Patch 2, 7.3.3 Patch 7,
             QRadar incident forensics versions prior to 7.4.2 Patch 2,
                            7.4.1 Patch 2, 7.3.3 Patch 7.

=====================================================================
https://www.ibm.com/support/pages/node/6411016
_____________________________________________________________________

Security Bulletin: IBM QRadar SIEM is vulnerable to using components
with known vulnerabilities


Security Bulletin


Summary

The product includes vulnerable components (e.g., framework libraries)
that may be identified and exploited with automated tools.


Vulnerability Details

CVEID:   CVE-2019-20386
DESCRIPTION:   systemd is vulnerable to a denial of service, caused by a
memory leak in the button_open function in login/logind-button.c. By
executing the udevadm trigger command, a local attacker could exploit
this vulnerability to cause a denial of service condition.
CVSS Base score: 6.2
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/
175507 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)


CVEID:   CVE-2019-19126
DESCRIPTION:   GNU C Library could allow a local attacker to bypass
security restrictions, caused by failing to ignore the
LD_PREFER_MAP_32BIT_EXEC environment variable during program execution.
An attacker could exploit this vulnerability to bypass ASLR for a setuid
program.
CVSS Base score: 4
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/
172003 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)


CVEID:   CVE-2020-10754
DESCRIPTION:   NetworkManager could allow a remote authenticated
attacker to bypass security restrictions, caused by improper
configuration in the nmcli. By connecting to a network, an attacker
could exploit this vulnerability to bypass authentication.
CVSS Base score: 4.3
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/
184636 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)


CVEID:   CVE-2018-20843
DESCRIPTION:   libexpat is vulnerable to a denial of service, caused by
an error in the XML parser. By persuading a victim to open a specially-
crafted file, a remote attacker could exploit this vulnerability to
consume all available CPU resources.
CVSS Base score: 3.3
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/
163073 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)


CVEID:   CVE-2019-15903
DESCRIPTION:   libexpat is vulnerable to a denial of service, caused by
a heap-based buffer over-read in XML_GetCurrentLineNumber. By using a
specially-crafted XML input, a remote attacker could exploit this
vulnerability to cause the application to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/
166560 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)


CVEID:   CVE-2019-14866
DESCRIPTION:   GNU cpio could allow a local authenticated attacker to
gain elevated privileges on the system, caused by the failure to
properly validate input files when generating TAR archives. An attacker
could exploit this vulnerability to inject any tar content and
compromise the system.
CVSS Base score: 6.7
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/
171509 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)


CVEID:   CVE-2019-12450
DESCRIPTION:   GNOME GLib could allow a remote attacker to bypass
security restrictions, caused by improper permission control in the
file_copy_fallback in gio/gfile.c. An attacker could exploit this
vulnerability to bypass access restrictions.
CVSS Base score: 5.3
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/
161792 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)


CVEID:   CVE-2019-14822
DESCRIPTION:   IBus could allow a local authenticated attacker to bypass
security restrictions, caused by improper authorization validation. By
sending a specially-crafted request, an attacker could exploit this
vulnerability to monitor and send method calls to the ibus bus of
another user.
CVSS Base score: 5.5
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/
167063 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)


CVEID:   CVE-2019-5482
DESCRIPTION:   cURL libcurl is vulnerable to a heap-based buffer
overflow, caused by improper bounds checking by the tftp_receive_packet
function. By sending specially-crafted request containing an OACK
without the BLKSIZE option, a remote attacker could overflow a buffer
and execute arbitrary code on the system.
CVSS Base score: 6.3
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/
166942 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)


Affected Products and Versions

IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1

IBM QRadar SIEM 7.4.0 to 7.4.1 Patch 1

IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 5


Remediation/Fixes

QRadar / QRM / QVM 7.4.2 Patch 2

QRadar / QRM / QVM 7.4.1 Patch 2

QRadar / QRM / QVM 7.3.3 Patch 7


QRadar incident forensics please use the SFS below

QRadar Incident Forensics / QNI 7.4.2 Patch 2

QRadar Incident Forensics / QNI 7.4.1 Patch 2

QRadar Incident Forensics / QNI 7.3.3 Patch 7



Workarounds and Mitigations

None



Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product
support alerts like this.


References

Complete CVSS v3 Guide
On-line Calculator v3

Off


Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog


Change History

02 Feb 2021: Initial Publication

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the
impact of this vulnerability in their environments by accessing the
links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST),
the Common Vulnerability Scoring System (CVSS) is an "industry open
standard designed to convey vulnerability severity and help to determine
urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS
IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE
RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY
VULNERABILITY.


Document Information

Modified date:
02 February 2021

UID

ibm16411016

=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================