SB2024050632 - Multiple vulnerabilities in IBM QRadar Suite software
Published: May 6, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 21 secuirty vulnerabilities.
1) Resource exhaustion (CVE-ID: CVE-2024-28102)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when processing highly compressed data within the deserialize() function. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
2) Input validation error (CVE-ID: CVE-2021-43565)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when parsing a Signer to ServerConfig.AddHostKey in cases where the Signer passed to AddHostKey does not implement AlgorithmSigner or the Signer passed to AddHostKey returns a key of type “ssh-rsa” from its PublicKey method. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
3) Improper Preservation of Permissions (CVE-ID: CVE-2023-25809)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to the rootless "/sys/fs/cgroup" is writable when cgroupns is not unshared. A local administrator can gain the write access to user-owned cgroup hierarchy "/sys/fs/cgroup/user.slice/..." on the host.
4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-29162)
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to containers are incorrectly started with non-empty inheritable Linux process capabilities, which leads to security restrictions bypass and privilege escalation.
5) Integer overflow (CVE-ID: CVE-2021-43784)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in netlink bytemsg length field. A remote authenticated attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
6) Improper Preservation of Permissions (CVE-ID: CVE-2023-28642)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to improper preservation of permissions in the AppArmor and SELinux when /proc inside the container is symlinked with a specific mount configuration. A remote attacker can gain access to the target application.
7) Security features bypass (CVE-ID: CVE-2021-30465)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the security features bypass issue. A remote authenticated attacker on the local network can perform a symlink exchange attack and host filesystem being bind-mounted into the container.
8) Improper access control (CVE-ID: CVE-2023-27561)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to improper access restrictions in the libcontainer/rootfs_linux.go. A local user can gain elevated privileges on the target system.
9) Information disclosure (CVE-ID: CVE-2024-21501)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application when used on the backend and with the style attribute allowed. A remote attacker can enumerate files on the system, including project dependencies.
10) Input validation error (CVE-ID: CVE-2024-21503)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
11) Information disclosure (CVE-ID: CVE-2024-24758)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the application does not clear the Proxy-Authentication HTTP header when handling cross-origin redirects. A remote attacker can gain access to sensitive information.
12) Open redirect (CVE-ID: CVE-2023-26159)
The vulnerability allows a remote attacker to redirect victims to arbitrary URL.
The vulnerability exists due to improper sanitization of user-supplied data within the url.parse() function. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.
Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.
13) Resource exhaustion (CVE-ID: CVE-2024-27088)
The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A local privileged user can pass functions with very long names or complex default argument names into `function#copy` or `function#toStringTokens` and perform a denial of service (DoS) attack.
14) UNIX symbolic link following (CVE-ID: CVE-2015-3627)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a symlink following issue, because Docker opens the file-descriptor passed to the pid-1 process before performing the chroot. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.
Successful exploitation of this vulnerability may result in privilege escalation.
15) Missing Encryption of Sensitive Data (CVE-ID: CVE-2023-28841)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to missing encryption of sensitive data within the overlay network driver. A remote attacker can gain unauthorized access to sensitive information on the system.
16) Unprotected Alternate Channel (CVE-ID: CVE-2023-28842)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to unprotected alternate channel within encrypted overlay networks. A remote attacker can inject arbitrary Ethernet frames into the encrypted overlay network by encapsulating them in VXLAN datagrams.
17) Unprotected Alternate Channel (CVE-ID: CVE-2023-28840)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to unprotected alternate channel within encrypted overlay networks. A remote attacker can inject arbitrary Ethernet frames into the encrypted overlay network and perform a denial of service (DoS) attack.
18) Cross-site request forgery (CVE-ID: CVE-2023-45857)
The vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.
19) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2024-1135)
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests when handling Transfer-Encoding headers. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
20) Inefficient Algorithmic Complexity (CVE-ID: CVE-2023-46136)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to high resource usage when parsing multipart/form-data. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
21) Input validation error (CVE-ID: CVE-2023-44270)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to insufficient validation of external CSS files when parsing the "\r" character. A remote attacker can pass specially crafted input to the application and perform spoofing attack.
Remediation
Install update from vendor's website.