Sep 30, 2021 - 3:02 p.m.

Security Bulletin: IBM QRadar Azure marketplace images include Open Management Infrastructure RPM, which is vulnerable to Remote Code Execution (CVE-2021-38647)

www.ibm.com

EPSS: 0.974 (Percentile: 100.0%)

Summary

IBM QRadar Azure marketplace images include the Open Management Infrastructure RPM, which is vulnerable to CVE-2021-38647. Although we do not expose the affected port, we suggest updating out of an abundance of caution.

Vulnerability Details

CVEID: CVE-2021-38647
DESCRIPTION: Microsoft Azure Open Management Infrastructure could allow a remote attacker to execute arbitrary code on the system. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/208548 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

IBM QRadar Azure marketplace images 7.3.0 to 7.3.3 Patch 9

IBM QRadar Azure marketplace images 7.4.0 to 7.4.3 Patch 2

Remediation/Fixes

1. Check your current version of OMI to see if you are affected. All versions of OMI below v1.6.8-1 are affected.
   To do this, run the following command:
   yum list all | grep omi
   
2. Add the Microsoft Software Repository for the RHEL 7 Linux platform:
   sudo yum localinstall https://packages.microsoft.com/config/rhel/7/packages-microsoft-prod.rpm
   
3. Run the yum update command for OMI:
   sudo yum update omi
   
4. Disable the Microsoft Software Repository after updating the RPM:
   sudo sed -i 's/^enabled=1/enabled=0/' /etc/yum.repos.d/microsoft-prod.repo
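
The following shell script is an added example, not part of IBM's bulletin. It checks the outcome of steps 1 and 4: it picks the package named exactly omi out of `yum list` output, compares its version-release against 1.6.8-1, and lists any repo sections still enabled. The function names and the sample `yum list` lines are constructed for illustration, and a purely numeric version-release string is assumed.

```shell
#!/bin/sh
# Added example (not IBM's code): verify steps 1 and 4 of the procedure above.
FIXED="1.6.8-1"  # first unaffected OMI version-release, per step 1

# ver_lt A B: exit 0 if A < B, comparing version first, then release.
ver_lt() {
    awk -v a="$1" -v b="$2" '
    function cmp(p, q,   n, m, i, x, y) {
        n = split(p, x, "[.]"); m = split(q, y, "[.]")
        for (i = 1; i <= n || i <= m; i++)
            if (x[i] + 0 != y[i] + 0) return (x[i] + 0 < y[i] + 0) ? -1 : 1
        return 0
    }
    BEGIN {
        split(a, A, "-"); split(b, B, "-")
        c = cmp(A[1], B[1]); if (c == 0) c = cmp(A[2], B[2])
        exit (c < 0 ? 0 : 1)
    }'
}

# omi_version_from_yum: read `yum list` output on stdin and print the
# version-release of the package named exactly "omi" (any arch).
omi_version_from_yum() {
    awk '$1 ~ /^omi\.[^.]+$/ { print $2; exit }'
}

# omi_status VERSION-RELEASE: print affected, fixed or unknown.
omi_status() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]+(\.[0-9]+)*-[0-9]+$' ||
        { echo unknown; return 0; }
    if ver_lt "$1" "$FIXED"; then echo affected; else echo fixed; fi
}

# repo_enabled_sections FILE: print each [section] of a .repo file that is
# still enabled, tolerating spaces around "=".
repo_enabled_sections() {
    awk '/^\[/ { sec = $0 }
         /^[ \t]*enabled[ \t]*=[ \t]*1[ \t]*$/ { print sec }' "$1"
}

# Constructed sample of `yum list all | grep omi` output: the bare grep also
# matches libatomic, which the exact-name match above ignores.
sample_yum_output() {
    printf '%s\n' \
        'libatomic.x86_64    4.8.5-44.el7    @base' \
        'omi.x86_64          1.6.4-1         installed'
}

v=$(sample_yum_output | omi_version_from_yum)
echo "omi $v: $(omi_status "$v")"
```

On a host, pipe `yum list all` into `omi_version_from_yum`, and run `repo_enabled_sections /etc/yum.repos.d/microsoft-prod.repo` after step 4; it also reports an `enabled = 1` spelling that the sed pattern in step 4 would not rewrite.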

Workarounds and Mitigations

None