Multiple security vulnerabilities have been discovered in the PostgreSQL component bundled with IBM QRadar versions 7.1.x and 7.2.x.
CVE-ID: CVE-2014-8161
Description: PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by a constraint violation error. An attacker could exploit this vulnerability to obtain restricted data.
**CVSS Base Score:** 4.0 **CVSS Temporal Score:** See https://exchange.xforce.ibmcloud.com/vulnerabilities/100781 for the current score. **CVSS Environmental Score:** Undefined **CVSS Vector:** AV:N/AC:L/Au:S/C:P/I:N/A:N
CVE-ID: CVE-2015-0241
Description: PostgreSQL is vulnerable to a buffer overflow, caused by improper bounds checking by the to_char function. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service.
**CVSS Base Score:** 6.0 **CVSS Temporal Score:** See https://exchange.xforce.ibmcloud.com/vulnerabilities/100777 for the current score. **CVSS Environmental Score:** Undefined **CVSS Vector:** AV:N/AC:M/Au:S/C:P/I:P/A:P
CVE-ID: CVE-2015-0243
Description: PostgreSQL is vulnerable to a stack buffer overflow, caused by improper bounds checking by the pgcrypto extension. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service.
**CVSS Base Score:** 6.0 **CVSS Temporal Score:** See https://exchange.xforce.ibmcloud.com/vulnerabilities/100779 for the current score. **CVSS Environmental Score:** Undefined **CVSS Vector:** AV:N/AC:M/Au:S/C:P/I:P/A:P
CVE-ID: CVE-2015-0244
Description: PostgreSQL could allow a remote authenticated attacker to bypass security restrictions, caused by an error in extended protocol message reading. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass access restrictions.
**CVSS Base Score:** 3.5 **CVSS Temporal Score:** See https://exchange.xforce.ibmcloud.com/vulnerabilities/100780 for the current score. **CVSS Environmental Score:** Undefined **CVSS Vector:** AV:N/AC:M/Au:S/C:N/I:P/A:N
- IBM QRadar Security Information and Event Manager 7.2.x.
- IBM QRadar Security Information and Event Manager 7.1.x…
- IBM QRadar/QRM/QVM/QRIF 7.2.5 Patch 3
- IBM QRadar Security Information and Event Manager 7.1 MR2 Patch 11
None
CPE Name | Operator | Version |
---|---|---|
ibm security qradar siem | eq | 7.1 |
ibm security qradar siem | eq | 7.2 |