Multiple vulnerabilities have been reported in two IBM products: QRadar SIEM and Storwize V7000 Unified.
#1. Multiple vulnerabilities in IBM QRadar SIEM
Severity: Low
Fix available: Yes
Number of vulnerabilities: 2
CVSSv2 Rating: (AV:A/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C) = Base: 4.3 / Temporal: 3.2
(AV:A/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C) = Base: 4.8 / Temporal: 3.5
CVE ID: CVE-2014-4824; CVE-2014-4826
Attack vector: Local network
Impact: Disclosure of sensitive data, Unauthorized modification of data
Affected Products: QRadar SIEM 7.x
Affected versions: IBM QRadar SIEM 7.2 MR2
Description:
The vulnerabilities allow a remote user to execute arbitrary SQL commands in the application database and gain access to sensitive data.
1. The vulnerability is due to an unknown error in the processing of input data. It can be exploited to execute arbitrary SQL commands in the application database.
2. The vulnerability is due to an unknown error in the processing of SSH connections. A remote user can perform a man-in-the-middle (MitM) attack and reveal the user's credentials.
Solution: Install the latest version, 7.2.3 Maintenance Release 3 Patch 1, from the manufacturer.
Link: https://www.ibm.com/support/docview.wss?uid=swg21684448
#2. Multiple vulnerabilities in the IBM Storwize V7000 Unified
Severity: Low
Fix available: Yes
Number of vulnerabilities: 5
CVSSv2 Rating: (AV:A/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C) = Base: 3.3 / Temporal: 2.4
(AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C) = Base: 5 / Temporal: 3.7
(AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C) = Base: 4.3 / Temporal: 3.2
(AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C) = Base: 5 / Temporal: 3.7
(AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C) = Base: 5 / Temporal: 3.7
CVE ID: CVE-2007-6750; CVE-2014-0075; CVE-2014-0096; CVE-2014-0099; CVE-2014-0119; CVE-2014-3493
Attack vector: Local network
Impact: Denial of service (DDoS attack), Disclosure of sensitive data, Security Bypass
Affected Products: IBM Storwize V7000 Unified 1.x
Affected versions: IBM Storwize V7000 Unified versions up to 1.5.0.2
Description:
The vulnerabilities allow a malicious user to bypass certain security restrictions, gain access to sensitive information and cause a denial of service.
1. The vulnerability is caused by the presence of a vulnerable version of Samba. These vulnerabilities allow a remote user to cause a denial of service in the application:
– An unspecified error in the "sys_recvfrom()" function in the file source3/lib/system.c. A remote user can send a specially crafted NetBIOS packet and cause an infinite loop in the nmbd daemon.
– An unspecified error in the handling of Unicode file names. A remote user can trigger an out-of-bounds write that subsequently crashes the smbd daemon.
2. The vulnerability is caused by the presence of a vulnerable version of Apache Tomcat. The discovered vulnerabilities allow a malicious user to bypass certain security restrictions and gain access to certain confidential information.
Solution: Install the latest version 1.5.0.2 from the manufacturer.
Links:
https://www.ibm.com/support/docview.wss?uid=ssg1S1004834
https://www.ibm.com/support/docview.wss?uid=ssg1S1004836
https://www.ibm.com/support/docview.wss?uid=ssg1S1004854
Manufacturer URLs:
http://www-03.ibm.com/software/products/us/en/qradar-siem/
http://www-03.ibm.com/systems/storage/disk/storwize_v7000/