Multiple vulnerabilities in IBM Products – October 11, 2014

Posted: October 11, 2014 in Vulnerability News

There are multiple vulnerabilities in two IBM products: QRadar SIEM and Storwize V7000 Unified.

#1. Multiple vulnerabilities in IBM QRadar SIEM

Severity: Low
Fix available: Yes
Number of vulnerabilities: 2
CVSSv2 Rating: (AV:A/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C) = Base: 4.3 / Temporal: 3.2
(AV:A/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C) = Base: 4.8 / Temporal: 3.5
CVE ID: CVE-2014-4824; CVE-2014-4826

Attack vector: Local network
Impact: Disclosure of sensitive data, Unauthorized modification of data

Affected Products: QRadar SIEM 7.x
Affected versions: IBM QRadar SIEM 7.2 MR2


Description:
The vulnerabilities allow a remote user to execute arbitrary SQL commands in the application database and gain access to sensitive data.

1. The vulnerability is due to an unknown error when processing the input data. This can be exploited to execute arbitrary SQL commands in the application database.

2. The vulnerability is due to an unknown error when processing SSH connections. A remote user can perform a man-in-the-middle (MitM) attack and obtain the user’s credentials.

Solution: Install the latest version 7.2.3 Maintenance Release 3 Patch 1 from the manufacturer.

Link: https://www.ibm.com/support/docview.wss?uid=swg21684448

#2. Multiple vulnerabilities in the IBM Storwize V7000 Unified

Severity: Low
Fix available: Yes
Number of vulnerabilities: 5
CVSSv2 Rating: (AV:A/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C) = Base: 3.3 / Temporal: 2.4
(AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C) = Base: 5 / Temporal: 3.7
(AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C) = Base: 4.3 / Temporal: 3.2
(AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C) = Base: 5 / Temporal: 3.7
(AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C) = Base: 5 / Temporal: 3.7
CVE ID: CVE-2007-6750; CVE-2014-0075; CVE-2014-0096; CVE-2014-0099; CVE-2014-0119; CVE-2014-3493

Attack vector: Local network
Impact: Denial of service (DDoS attack), Disclosure of sensitive data, Security Bypass

Affected Products: IBM Storwize V7000 Unified 1.x
Affected versions: IBM Storwize V7000 Unified versions prior to 1.5.0.2
Description:
The vulnerabilities allow a malicious user to bypass certain security restrictions, gain access to sensitive information and cause a denial of service.

1. The vulnerability is caused by the presence of a vulnerable version of Samba. These vulnerabilities allow a remote user to cause a denial of service in the application:

– An unspecified error in “sys_recvfrom()” in the file source3/lib/system.c. A remote user can send a specially crafted NetBIOS packet and cause an infinite loop in the nmbd daemon.

– An unspecified error in the handling of Unicode file names. A remote user can trigger an out-of-bounds write that subsequently crashes the smbd daemon.

2. The vulnerability is caused by the presence of a vulnerable version of Apache Tomcat. The discovered vulnerabilities allow a malicious user to bypass certain security restrictions and gain access to certain confidential information.

Solution: Install the latest version 1.5.0.2 from the manufacturer.

Links:
https://www.ibm.com/support/docview.wss?uid=ssg1S1004834
https://www.ibm.com/support/docview.wss?uid=ssg1S1004836
https://www.ibm.com/support/docview.wss?uid=ssg1S1004854


Manufacturer URLs:

http://www-03.ibm.com/software/products/us/en/qradar-siem/
http://www-03.ibm.com/systems/storage/disk/storwize_v7000/
