IBM QRadar Network Security is affected by an openssh vulnerability
CVEID:CVE-2018-15473
DESCRIPTION: OpenSSH could allow a remote attacker to obtain sensitive information, caused by different responses to valid and invalid authentication attempts. By sending a specially crafted request, an attacker could exploit this vulnerability to enumerate valid usernames.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148397> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
IBM QRadar Network Security 5.4.0
IBM QRadar Network Security 5.5.0
Product | VRMF | Remediation/First Fix |
---|---|---|
IBM QRadar Network Security | 5.4.0 | Install Firmware 5.4.0.9 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector. |
Or | ||
Download Firmware 5.4.0.9 from IBM Security License Key and Download Center and upload and install via the Available Updates page of the Local Management Interface. | ||
IBM QRadar Network Security | 5.5.0 | Install Firmware 5.5.0.4 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector. |
Or | ||
Download Firmware 5.5.0.4 from IBM Security License Key and Download Center and upload and install via the Available Updates page of the Local Management Interface. |
CPE | Name | Operator | Version |
---|---|---|---|
ibm qradar network security | eq | 5.4.0 | |
ibm qradar network security | eq | 5.5.0 |