Published: Jun 16, 2022, 6:06 p.m.

Security Bulletin: Apache Kafka as used by IBM QRadar SIEM is vulnerable to information disclosure (CVE-2021-38153, CVE-2018-17196)

Source: www.ibm.com

Vulners scoring

CVSS2: 6.5 Medium
AV:N/AC:L/Au:S/C:P/I:P/A:P (Attack Vector: Network; Attack Complexity: Low; Authentication: Single; Confidentiality Impact: Partial; Integrity Impact: Partial; Availability Impact: Partial)

CVSS3: 5.9 Medium
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N (Attack Vector: Network; Attack Complexity: High; Privileges Required: None; User Interaction: None; Scope: Unchanged; Confidentiality Impact: High; Integrity Impact: None; Availability Impact: None)

EPSS: 0.002 Low (Percentile: 59.9%)

Summary

Apache Kafka as used by IBM QRadar SIEM is vulnerable to information disclosure. IBM has addressed the relevant CVEs.

Vulnerability Details

CVEID: CVE-2021-38153
**DESCRIPTION:** Apache Kafka could allow a remote attacker to obtain sensitive information, caused by a timing attack flaw due to the use of "Arrays.equals" to validate a password or key. By utilizing brute-force attack techniques, an attacker could exploit this vulnerability to obtain credentials information, and use this information to launch further attacks against the affected system.
CVSS Base score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/209762 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
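The flaw class behind CVE-2021-38153 is a secret comparison whose running time depends on where the inputs first differ. The following Java example is added here for illustration; it is not Apache Kafka's or IBM's code. It places the short-circuiting comparison (the pattern the bulletin names) beside a constant-time comparison using the standard `MessageDigest.isEqual`, and a hash-then-compare variant that also masks the secret's length. The class, method names and the sample credential are constructed for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

// Added illustration (not Kafka/IBM code): the difference between a
// short-circuiting byte comparison and a constant-time one when the
// bytes being compared are a password or key.
public class SecretCompare {

    // VULNERABLE PATTERN: Arrays.equals returns at the first differing
    // byte, so the elapsed time reveals how many leading bytes of the
    // supplied value matched the stored secret. Repeated over many
    // requests, that timing signal is what the bulletin describes.
    static boolean equalsShortCircuit(byte[] expected, byte[] supplied) {
        return Arrays.equals(expected, supplied);
    }

    // HARDENED: MessageDigest.isEqual (constant-time for equal-length
    // inputs since Java 6u17 / Java 7) examines every byte regardless of
    // where a mismatch occurs. It still returns early on a length mismatch,
    // so the length of the secret may be observable.
    static boolean equalsConstantTime(byte[] expected, byte[] supplied) {
        return MessageDigest.isEqual(expected, supplied);
    }

    // HARDENED + length masked: compare fixed-size SHA-256 digests of both
    // values, so neither content nor length of the stored secret influences
    // the comparison time. digest() resets the MessageDigest after each call.
    static boolean equalsHashed(byte[] expected, byte[] supplied)
            throws NoSuchAlgorithmException {
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        byte[] expectedDigest = sha256.digest(expected);
        byte[] suppliedDigest = sha256.digest(supplied);
        return MessageDigest.isEqual(expectedDigest, suppliedDigest);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed sample values for the demonstration only.
        byte[] stored = "correct-horse-battery".getBytes(StandardCharsets.UTF_8);
        byte[] good   = "correct-horse-battery".getBytes(StandardCharsets.UTF_8);
        byte[] near   = "correct-horse-batterX".getBytes(StandardCharsets.UTF_8);
        byte[] far    = "Xorrect-horse-battery".getBytes(StandardCharsets.UTF_8);

        // All three comparators agree on the *result*; the security
        // difference is in the time taken to reach it for 'near' vs 'far'.
        System.out.println("short-circuit: " + equalsShortCircuit(stored, good)
                + " " + equalsShortCircuit(stored, near)
                + " " + equalsShortCircuit(stored, far));
        System.out.println("constant-time: " + equalsConstantTime(stored, good)
                + " " + equalsConstantTime(stored, near)
                + " " + equalsConstantTime(stored, far));
        System.out.println("hashed:        " + equalsHashed(stored, good)
                + " " + equalsHashed(stored, near)
                + " " + equalsHashed(stored, far));
    }
}
```

When auditing a codebase for this flaw class, look for `Arrays.equals`, `String.equals` or hand-written loops applied to passwords, API keys, tokens or MACs on a network-reachable path, and replace them with `MessageDigest.isEqual` or an equivalent constant-time routine from your crypto library; the functional result does not change, so the fix is low-risk to deploy.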

CVEID: CVE-2018-17196
**DESCRIPTION:** Apache Kafka could allow a remote authenticated attacker to bypass security restrictions, caused by improper input validation. By sending a specially-crafted Produce request, an attacker could exploit this vulnerability to bypass transaction/idempotent ACL validation.
CVSS Base score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/163622 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| IBM QRadar SIEM v7.3 | All ApacheKafka versions before 7.3.0-QRADAR-PROTOCOL-ApacheKafka-7.3-20220429171209 |
| IBM QRadar SIEM v7.4 | All ApacheKafka versions before 7.4.0-QRADAR-PROTOCOL-ApacheKafka-7.4-20220429171217 |
| IBM QRadar SIEM v7.5 | All ApacheKafka versions before 7.5.0-QRADAR-PROTOCOL-ApacheKafka-7.5-20220429171113 |

Remediation/Fixes

IBM encourages customers to update their systems promptly.

See the Related Information section below for instructions on verifying your currently installed version.

| Product | Versions | Fix |
|---|---|---|
| IBM QRadar SIEM | 7.3 | 7.3.0-QRADAR-PROTOCOL-ApacheKafka-7.3-20220429171209 |
| IBM QRadar SIEM | 7.4 | 7.4.0-QRADAR-PROTOCOL-ApacheKafka-7.4-20220429171217 |
| IBM QRadar SIEM | 7.5 | 7.5.0-QRADAR-PROTOCOL-ApacheKafka-7.5-20220429171113 |

Workarounds and Mitigations

None

Affected configurations (Vulners match)

ibm ibm_qradar_siem 7.3 OR ibm ibm_qradar_siem 7.4 OR ibm ibm_qradar_siem 7.5
