SB2022061715 - Multiple vulnerabilities in IBM QRadar SIEM
Published: June 17, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Information Exposure Through Timing Discrepancy (CVE-ID: CVE-2021-38153)
The vulnerability allows a local user to escalate privileges on the system.
the vulnerability exists due to some components in Apache Kafka use "Arrays.equals" to validate a password or key, which is vulnerable to timing attacks. A local user can abuse the "Arrays.equals" to brute force access credentials and escalate privileges on the system.
2) Improper access control (CVE-ID: CVE-2018-17196)
The vulnerability allows a remote attacker to gain unauthorized access to sensitive information.
The vulnerability exists due to improper security restrictions imposed by the affected software. A remote authenticated attacker with write permission on respective topics can send a crafted Produce request that is designed to bypass transaction/idempotent access control list (ACL) validation.
Remediation
Install update from vendor's website.
References
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-kafka-as-used-by-ibm-qradar-siem-is-vulnerable-to-information-disclosure-cve-2021-38153-cve-2018-17196/"
- https://www.ibm.com/blogs/psirt/security-bulletin-apache-kafka-as-used-by-ibm-qradar-siem-is-vulnerable-to-information-disclosure-cve-2021-38153-cve-2018-17196/</a><br><a
- https://www.ibm.com/support/pages/node/6595739"
- https://www.ibm.com/support/pages/node/6595739</a><br><br><br></p>