IBM has published details of vulnerabilities affecting IBM QRadar SIEM. Below are the details.
1) Improper input validation
CVE-ID: CVE-2017-9801
Description
The vulnerability allows a remote attacker to inject arbitrary files. The vulnerability exists due to an improper input validation flaw in the setSubject() method. A remote attacker can supply a specially crafted value containing line break characters, inject SMTP headers and perform further attacks.
Mitigation
Install updates from the vendor.
Vulnerable software versions
IBM QRadar SIEM: 7.3 – 7.5.0 Update Pack 1
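The flaw class described in item 1, shown as an added Python illustration that is not IBM's code or the affected component's code: a subject copied unchecked into a header block gains an extra header, while a validating builder rejects the same input. All function names, the sample addresses and the crafted subject are assumptions constructed for this example.

```python
import re

# CR, LF and other characters that mail software may treat as a line break
# or that have no place in a single-line header value.
_FORBIDDEN = re.compile(r"[\r\n\x00\x0b\x0c\x85\u2028\u2029]")


class HeaderInjectionError(ValueError):
    """Raised when a header value contains a line-break character."""


def build_headers_unchecked(sender, recipient, subject):
    # The flawed pattern: the subject is copied into the header block as-is.
    return f"From: {sender}\r\nTo: {recipient}\r\nSubject: {subject}\r\n\r\n"


def validate_header_value(value):
    # Reject rather than strip: silently repairing the input hides the
    # attempt from logs and can still change the meaning of the header.
    match = _FORBIDDEN.search(value)
    if match:
        raise HeaderInjectionError(
            f"line-break character {match.group()!r} at offset {match.start()}"
        )
    return value


def build_headers_checked(sender, recipient, subject):
    fields = [("From", sender), ("To", recipient), ("Subject", subject)]
    lines = [f"{name}: {validate_header_value(val)}" for name, val in fields]
    return "\r\n".join(lines) + "\r\n\r\n"


def header_names(block):
    # Read the header section as a receiver would: one field per
    # CRLF-terminated line, up to the first empty line.
    head = block.split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0] for line in head.split("\r\n") if ":" in line]


# Constructed sample input: a subject carrying a CRLF and an extra header.
CRAFTED_SUBJECT = "Offense report\r\nX-Injected: yes"

if __name__ == "__main__":
    print(header_names(build_headers_unchecked(
        "siem@example.test", "soc@example.test", CRAFTED_SUBJECT)))
    try:
        build_headers_checked("siem@example.test", "soc@example.test", CRAFTED_SUBJECT)
    except HeaderInjectionError as exc:
        print("rejected:", exc)
```

The same check applies to every value placed in a mail header, not only the subject; logging the rejection gives detection a signal that stripping the characters would lose.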
2) Input validation error
CVE-ID: CVE-2018-1294
Description
The vulnerability allows a remote attacker to gain access to sensitive information. The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and obtain sensitive information.
Mitigation
Install updates from the vendor.
Vulnerable software versions
IBM QRadar SIEM: 7.3 – 7.5.0 Update Pack 1
3) Privilege escalation
CVE-ID: CVE-2021-39088
Description
The vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists due to the application not properly imposing security restrictions. A local attacker can bypass security restrictions and escalate privileges on the system.
Mitigation
Install the update from the vendor.
Vulnerable software versions
IBM QRadar SIEM: 7.3 – 7.5.0 Update Pack 1