Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM078A4343C93453B198729B9CBD3AE809855D1997E5128FCB1C227C2464C9E3FE
HistoryMay 15, 2024 - 8:35 a.m.

Security Bulletin: An IBM QRadar SIEM SNMP protocol is vulnerable to a denial of service, SQL injection and could allow a remote attacker to execute arbitrary code on the system.

2024-05-1508:35:32
www.ibm.com
15
ibm qradar siem
snmp protocol
apache log4j
denial of service
sql injection
remote code execution

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.806

Percentile

98.4%

JSON

Summary

Apache Log4j could allow a remote attacker to execute arbitrary code on the system. It is also vulnerable to SQL injection and could lead to a denial of service caused by a flaw when using the Chainsaw or SocketAppender components.

Vulnerability Details

CVEID:CVE-2022-23307
**DESCRIPTION:**Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the in Apache Chainsaw component. By sending specially-crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217462 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2023-26464
**DESCRIPTION:**Apache Log4j is vulnerable to a denial of service, caused by a flaw when using the Chainsaw or SocketAppender components. By sending a specially crafted hashmap or hashtable, a remote attacker could exploit this vulnerability to exhaust available memory in the virtual machine, and results in a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/249785 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2022-23302
**DESCRIPTION:**Apache Log4j could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization in JMSSink. By sending specially-crafted JNDI requests using TopicConnectionFactoryBindingName configuration, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217460 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2020-9493
**DESCRIPTION:**Apache Chainsaw could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw when reading the log events. By sending specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/203829 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2020-9488
**DESCRIPTION:**Apache Log4j is vulnerable to a man-in-the-middle attack, caused by improper certificate validation with host mismatch in the SMTP appender. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/180824 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2019-17571
**DESCRIPTION:**Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by improper deserialization of untrusted data in SocketServer. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/173314 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2022-23305
**DESCRIPTION:**Apache Log4j is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the JDBCAppender, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217461 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

CVEID:CVE-2021-4104
**DESCRIPTION:**Apache Log4j could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data when the attacker has write access to the Log4j configuration. If the deployed application is configured to use JMSAppender, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/215048 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM QRadar SIEM 7.5 - 7.5.0 UP8

Remediation/Fixes

Product Version Fix
IBM QRadar SIEM 7.5.0 7.5.0 QRadar Protocol SNMP

Workarounds and Mitigations

Please be aware that these updates are available via Auto Update if you have it enabled.

Affected configurations

Vulners
Node
ibmqradar_network_securityMatch7.5
VendorProductVersionCPE
ibmqradar_network_security7.5cpe:2.3:a:ibm:qradar_network_security:7.5:*:*:*:*:*:*:*

Related

ibm 33
openvas 17
nessus 40
githubexploit 4
redhat 31
gentoo 1
atlassian 8
osv 14
ubuntu 1
suse 4
almalinux 1
oraclelinux 3
debian 1
rocky 1
mageia 1
amazon 4
centos 1
rosalinux 1
f5 5
github 4
debiancve 4
nvd 3
cvelist 3
cve 3
ubuntucve 3
prion 3
cloudlinux 1
attackerkb 1
veracode 2
redhatcve 1
ibm
ibm
Security Bulletin: Multiple vulnerabilities in Apache Log4j affects IBM Security Access Manager for Enterprise Single Sign-On
2023-07-25 04:26:28
Security Bulletin: Multiple vulnerabilities in log4j-1.2.16.jar used by IBM Operations Analytics - Log Analysis
2022-09-19 06:36:49
Security Bulletin: IBM Spectrum LSF Suite and IBM Platform Process Manager are vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-4104, CVE-2020-9488, CVE-2022-23302, CVE-2022-23307, CVE-2022-23305)
2022-06-22 22:12:35
openvas
openvas
ILIAS < 5.4.26, 6.x < 6.14, 7.x < 7.5 ilServer Multiple Log4j Vulnerabilities
2022-01-28 00:00:00
Huawei EulerOS: Security Advisory for log4j (EulerOS-SA-2022-1330)
2022-03-21 00:00:00
Huawei EulerOS: Security Advisory for log4j (EulerOS-SA-2022-1744)
2022-05-25 00:00:00
nessus
nessus
Apache Log4j 1.x Multiple Vulnerabilities
2022-01-19 00:00:00
GLSA-202402-16 : Apache Log4j: Multiple Vulnerabilities
2024-02-18 00:00:00
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : Apache Log4j vulnerabilities (USN-5998-1)
2023-04-06 00:00:00
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Apache Log4J
2022-01-29 14:26:55
Exploit for Deserialization of Untrusted Data in Apache Log4J
2021-12-14 22:27:14
Exploit for Expression Language Injection in Apache Log4J
2021-12-11 11:18:46
redhat
redhat
(RHSA-2022:0497) Important: Red Hat JBoss Data Virtualization 6.4.8.SP1 security update
2022-02-09 13:03:14
(RHSA-2022:0507) Important: Red Hat JBoss Data Virtualization 6.4.8.SP2 security update
2022-02-10 17:22:10
(RHSA-2022:0294) Important: parfait:0.5 security update
2022-01-26 14:34:09
gentoo
gentoo
Apache Log4j: Multiple Vulnerabilities
2024-02-18 00:00:00
atlassian
atlassian
Crowd: Multiple vulnerabilities in log4j < 1.2.7-atlassian-16
2022-05-18 08:53:01
Jira: Multiple vulnerabilities in log4j < 1.2.17-atlassian-16
2022-06-06 12:49:38
Update Log4j to 1.2.17-atlassian-16 to fix CVE-2022-23305, CVE-2022-23307, CVE-2020-9493, CVE-2022-23302
2022-07-04 12:01:19
osv
osv
apache-log4j1.2 vulnerabilities
2023-04-05 21:26:34
apache-log4j1.2 - security update
2022-01-31 00:00:00
Important: parfait:0.5 security update
2022-01-26 14:27:19
ubuntu
ubuntu
Apache Log4j vulnerabilities
2023-04-05 00:00:00
suse
suse
Security update for kafka (important)
2022-02-16 00:00:00
Security update for log4j12 (important)
2022-01-28 00:00:00
Security update for log4j (important)
2022-01-27 00:00:00
almalinux
almalinux
Important: parfait:0.5 security update
2022-01-26 14:27:19
oraclelinux
oraclelinux
parfait:0.5 security update
2022-01-27 00:00:00
log4j security update
2022-02-08 00:00:00
log4j security update
2022-05-23 00:00:00
debian
debian
[SECURITY] [DLA 2905-1] apache-log4j1.2 security update
2022-01-31 14:24:44
rocky
rocky
parfait:0.5 security update
2022-01-26 14:27:19
mageia
mageia
Updated davmail packages fix security vulnerability
2023-04-15 22:03:44
amazon
amazon
Important: log4j
2022-02-15 22:54:00
Important: log4j
2023-03-30 22:50:00
Important: log4j
2022-01-18 20:15:00
centos
centos
log4j security update
2022-02-07 16:47:44
rosalinux
rosalinux
Advisory ROSA-SA-2021-1909
2021-07-02 17:26:24
f5
f5
K34002344 : Overview of Log4j vulnerabilities (2021 and 2022)
2022-02-01 00:00:00
K00322972 : Apache Log4j Chainsaw vulnerability CVE-2022-23307
2022-01-31 00:00:00
K59563964 : Apache Log4j Remote Code Execution vulnerability CVE-2022-23302
2022-01-31 00:00:00
github
github
Deserialization of Untrusted Data in Apache Log4j
2022-01-19 00:01:15
Deserialization of Untrusted Data in Log4j 1.x
2022-01-21 23:27:14
Apache Log4j 1.x (EOL) allows Denial of Service (DoS)
2023-03-10 15:30:43
debiancve
debiancve
CVE-2022-23307
2022-01-18 16:15:08
CVE-2022-23302
2022-01-18 16:15:08
CVE-2019-17571
2019-12-20 17:15:11
nvd
nvd
CVE-2022-23307
2022-01-18 16:15:08
CVE-2022-23302
2022-01-18 16:15:08
CVE-2023-26464
2023-03-10 14:15:10
cvelist
cvelist
CVE-2022-23307 A deserialization flaw in the Chainsaw component of Log4j 1 can lead to malicious code execution.
2022-01-18 15:25:23
CVE-2022-23302 Deserialization of untrusted data in JMSSink in Apache Log4j 1.x
2022-01-18 15:25:20
CVE-2023-26464 Apache Log4j 1.x (EOL) allows DoS in Chainsaw and SocketAppender
2023-03-10 13:38:16
cve
cve
CVE-2022-23307
2022-01-18 16:15:08
CVE-2022-23302
2022-01-18 16:15:08
CVE-2023-26464
2023-03-10 14:15:10
ubuntucve
ubuntucve
CVE-2022-23307
2022-01-18 00:00:00
CVE-2022-23302
2022-01-18 00:00:00
CVE-2023-26464
2023-03-10 00:00:00
prion
prion
Deserialization of untrusted data
2022-01-18 16:15:00
Deserialization of untrusted data
2022-01-18 16:15:00
Code injection
2023-03-10 14:15:00
cloudlinux
cloudlinux
Fix of CVE: CVE-2022-23307, CVE-2022-23302
2022-02-10 13:49:32
attackerkb
attackerkb
CVE-2019-17571
2019-12-20 00:00:00
veracode
veracode
Denial Of Service (DoS)
2023-03-10 23:28:50
Arbitrary Code Execution
2019-12-23 04:57:47
redhatcve
redhatcve
CVE-2023-26464
2023-03-30 07:13:01

CVSS2

9

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.806

Percentile

98.4%

JSON
Related for 078A4343C93453B198729B9CBD3AE809855D1997E5128FCB1C227C2464C9E3FE
ibm33openvas17nessus40githubexploit4redhat31gentoo1atlassian8osv14ubuntu1suse4almalinux1oraclelinux3debian1rocky1mageia1amazon4centos1rosalinux1f55github4debiancve4nvd3cvelist3cve3ubuntucve3prion3cloudlinux1attackerkb1veracode2redhatcve1