IBMB5A64C62AD14AC5F708718469CD252B6E7CC148ED6744F6CA78BE827CE0DE99FSecurity Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.005 Low
EPSS
Percentile
76.3%
Summary
The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVEs.
Vulnerability Details
CVEID:CVE-2022-23816
**DESCRIPTION:**Xen could allow a local authenticated attacker to obtain sensitive information, caused by a Branch Type Confusion vulnerability due to the Intel and AMD processors it utilizes. An attacker could exploit this vulnerability to leak information stored in physical memory about the hypervisor or other virtual machines that reside on the same ESXi host.
CVSS Base score: 5.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/230961 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)
CVEID:CVE-2022-23825
**DESCRIPTION:**Xen could allow a local authenticated attacker to obtain sensitive information, caused by a Branch Type Confusion vulnerability due to the Intel and AMD processors it utilizes. An attacker could exploit this vulnerability to leak information stored in physical memory about the hypervisor or other virtual machines that reside on the same ESXi host.
CVSS Base score: 5.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/230962 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)
CVEID:CVE-2022-2588
**DESCRIPTION:**Linux Kernel could allow a local authenticated attacker to gain elevated privileges on the system, caused by a use-after-free flaw in the cls_route filter implementation. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/233085 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVEID:CVE-2022-26373
**DESCRIPTION:**VMware ESXi could allow a local authenticated attacker to obtain sensitive information, caused by a return-stack-buffer-underflow in the Intel and AMD processors that it utilizes. An attacker could exploit this vulnerability to exploit various side-channel CPU flaws, obtain sensitive information from physical memory about the hypervisor or other virtual machines that reside on the same ESXi host, and use this information to launch further attacks against the affected system.
CVSS Base score: 5.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/233046 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)
CVEID:CVE-2022-29900
**DESCRIPTION:**Xen could allow a local authenticated attacker to obtain sensitive information, caused by a Branch Type Confusion vulnerability due to the Intel and AMD processors it utilizes. An attacker could exploit this vulnerability to leak information stored in physical memory about the hypervisor or other virtual machines that reside on the same ESXi host.
CVSS Base score: 5.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/230963 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)
CVEID:CVE-2022-29901
**DESCRIPTION:**Intel Processors could allow a local authenticated attacker to obtain sensitive information, caused by the non-transparent sharing of branch predictor targets between contexts attacks. An attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 4.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/230960 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVEID:CVE-2022-42898
**DESCRIPTION:**MIT krb5 is vulnerable to a denial of service, caused by an integer overflow in PAC parsing in the krb5_parse_pac() function. By sending a specially-crafted request, a remote authenticated attacker could exploit this vulnerability to cause a KDC or kadmind process to crash.
CVSS Base score: 6.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/240238 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM QRadar SIEM | 7.5.0 - 7.5.0 UP4 |
| IBM QRadar SIEM | 7.4.3 GA - 7.4.3 FP8 |
Remediation/Fixes
IBM recommends customers update their systems promptly.
| Product | Version | Remediation/First Fix |
|---|---|---|
| IBM QRadar SIEM | 7.5.0 | 7.5.0 UP4 IF01 |
| IBM QRadar SIEM | 7.4.3 | 7.4.3 FP9 |
Workarounds and Mitigations
None
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm security qradar siem | eq | 7.4 | |
| ibm security qradar siem | eq | 7.5 |
Related
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.005 Low
EPSS
Percentile
76.3%