IBM QRadar Azure marketplace images include the Open Management Infrastructure (OMI) RPM, which is vulnerable to CVE-2021-38647. Although we do not expose the affected port, we suggest updating out of an abundance of caution.
CVEID: CVE-2021-38647
**DESCRIPTION:** Microsoft Azure Open Management Infrastructure could allow a remote attacker to execute arbitrary code on the system. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/208548 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
IBM QRadar Azure marketplace images 7.3.0 to 7.3.3 Patch 9
IBM QRadar Azure marketplace images 7.4.0 to 7.4.3 Patch 2
1. Check your current version of OMI to see if you are affected. All versions of OMI below v1.6.8-1 are affected.
To do this, run the following command:
yum list all | grep omi
2. Add the Microsoft Software Repository for the RHEL 7 Linux platform:
sudo yum localinstall https://packages.microsoft.com/config/rhel/7/packages-microsoft-prod.rpm
3. Run the yum update command for OMI:
sudo yum update omi
4. Disable the Microsoft Software Repository after updating the RPM:
sudo sed -i 's/^enabled=1/enabled=0/' /etc/yum.repos.d/microsoft-prod.repo
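To confirm the result of steps 1 to 4 without reading the version by eye, the following added example (not part of IBM's bulletin) compares the installed omi package against the fixed version v1.6.8-1 from step 1. The function names are hypothetical, and the script assumes GNU `sort -V` and the `rpm` CLI are available on the host.

```sh
#!/bin/sh
# Added example: report whether the installed OMI RPM is below the fixed
# version named in step 1 of this bulletin (1.6.8-1).

FIXED_OMI="1.6.8-1"

# Return 0 (true) when version-release $1 sorts strictly below $2.
# sort -V (GNU coreutils) orders dotted and dashed version strings numerically,
# so 1.6.10 correctly sorts above 1.6.8.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Classify a version-release string: prints "affected" or "fixed".
omi_status() {
    if version_lt "$1" "$FIXED_OMI"; then
        echo "affected"
    else
        echo "fixed"
    fi
}

# Query the RPM database for the omi package and classify it.
# Prints "not-installed" when the package (or rpm itself) is absent.
check_installed_omi() {
    if ! installed=$(rpm -q --queryformat '%{VERSION}-%{RELEASE}\n' omi 2>/dev/null); then
        echo "not-installed"
        return 0
    fi
    installed=$(printf '%s\n' "$installed" | head -n 1)
    echo "omi $installed: $(omi_status "$installed")"
}

check_installed_omi
```

Run it once before step 2 and again after step 3; the second run should report `fixed`.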
None