IBM QRadar Vulnerabilities Let Attackers Trigger Arbitrary Code Remotely


IBM has issued a security bulletin highlighting multiple vulnerabilities in its QRadar Suite Software. These vulnerabilities, affecting various components, have been addressed in the latest software release.

IBM QRadar Suite Software is a cybersecurity platform that integrates SIEM (Security Information and Event Management), SOAR (Security Orchestration, Automation, and Response), network traffic analysis, and vulnerability management into a single, unified solution for threat detection, incident response, and compliance management.


IBM’s QRadar Suite Software, along with IBM Cloud Pak for Security, has been found to contain several vulnerabilities that could be exploited by attackers. The affected versions are:

  • IBM Cloud Pak for Security: Versions 1.10.0.0 to 1.10.11.0
  • QRadar Suite Software: Versions 1.10.12.0 to 1.10.23.0


Key Vulnerabilities Identified

According to IBM’s report, these vulnerabilities range from denial of service and cross-site scripting to improper handling of sensitive data and potential arbitrary code execution. Below are the descriptions and technical specifics of each identified vulnerability:

Node.js jose Module (CVE-2024-28176): This vulnerability involves a flaw during JWE Decryption operations, which can be exploited to cause a denial of service by consuming excessive CPU time or memory.

“Node.js jose module is vulnerable to a denial of service, caused by a flaw during JWE Decryption operations. By sending a specially crafted request, a remote attacker could exploit this vulnerability to consume an unreasonable amount of CPU time or memory, resulting in a denial of service condition.”

Jinja Cross-Site Scripting (CVE-2024-34064): The Jinja template engine is vulnerable due to the acceptance of keys with non-attribute characters, allowing attackers to inject malicious attributes into web pages, potentially stealing authentication credentials.

“A remote attacker could exploit this vulnerability to inject other attributes into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed.”

idna Module Denial of Service (CVE-2024-3651): A local user can exploit the idna module by using a specially crafted argument to cause a denial of service, consuming system resources.

Plaintext Credential Storage (CVE-2024-25024): QRadar Suite stores user credentials in plaintext, making them accessible to local users and posing a risk of unauthorized access.

gRPC on Node.js Denial of Service (CVE-2024-37168): A flaw in memory allocation within gRPC on Node.js can be exploited to cause a denial of service by sending specially crafted messages.

Node.js undici Information Disclosure (CVE-2024-30260): The undici module in Node.js can expose sensitive information due to improper handling of Authorization headers, which could be used for further attacks.

Node.js undici Security Bypass (CVE-2024-30261): A flaw in the fetch integrity option allows security restrictions to be bypassed, accepting tampered requests as valid.

Improper Data Display (CVE-2024-28799): QRadar Suite Software improperly displays sensitive data during backend commands, leading to unexpected disclosure.

Arbitrary Code Execution in fast-loops (CVE-2024-39008): A vulnerability in robinweser’s fast-loops allows remote code execution through prototype pollution, posing a high risk of arbitrary code execution or denial of service.
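
To make the prototype-pollution bug class behind CVE-2024-39008 concrete, here is an added illustration (constructed for this article, not fast-loops’ own code): a naive recursive object merge that copies a `__proto__` key from untrusted JSON onto `Object.prototype`, the hardened form that refuses such keys, and a canary check a defender can run in tests to detect that the global prototype has been polluted.

```javascript
// Constructed example of the prototype-pollution bug class; NOT fast-loops' code.

// Naive deep merge: trusts every key in the source, including "__proto__".
function mergeDeepNaive(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value && typeof value === 'object' && !Array.isArray(value)) {
      // target["__proto__"] resolves to Object.prototype, so the recursion
      // below writes the attacker's keys onto every plain object.
      if (!target[key] || typeof target[key] !== 'object') target[key] = {};
      mergeDeepNaive(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened merge: rejects keys that reach the prototype chain and only
// recurses into properties the target actually owns.
const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
function mergeDeepSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (UNSAFE_KEYS.has(key)) throw new Error(`refusing to merge unsafe key "${key}"`);
    const value = source[key];
    if (value && typeof value === 'object' && !Array.isArray(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || typeof target[key] !== 'object') target[key] = {};
      mergeDeepSafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Canary: a fresh empty object must not enumerate any inherited keys.
function prototypeIsClean() {
  for (const k in {}) return false; // eslint-disable-line no-unreachable-loop
  return true;
}

// Runs the naive and hardened merges on the same constructed payload.
function demo() {
  const payload = JSON.parse('{"__proto__": {"polluted": "yes"}}'); // constructed input
  const before = prototypeIsClean();
  mergeDeepNaive({}, payload);
  const afterNaive = prototypeIsClean();
  const leakedValue = ({}).polluted;
  delete Object.prototype.polluted; // undo the pollution for the rest of the process
  let safeRejected = false;
  try { mergeDeepSafe({}, payload); } catch (e) { safeRejected = true; }
  return { before, afterNaive, leakedValue, safeRejected, afterSafe: prototypeIsClean() };
}
```

Calling `demo()` shows the naive merge turning `({}).polluted` into `"yes"` while the hardened merge throws and leaves the prototype untouched.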

Node.js ip Module SSRF (CVE-2024-29415): The ip module in Node.js is vulnerable to server-side request forgery, allowing attackers to conduct SSRF attacks due to improper IP address categorization.

IBM strongly advises users to upgrade to version 1.10.24.0 or later. Detailed instructions for upgrading can be found here.

At this time, no workarounds or mitigations are available. Users are encouraged to apply the updates promptly.
