Critical IBM QRadar Flaws Enable Remote Arbitrary Code Execution



IBM has disclosed a set of vulnerabilities in QRadar Suite Software and IBM Cloud Pak for Security, most of them inherited from third-party components bundled with the products. Only one of the ten is rated critical: a prototype pollution flaw in the fast-loops Node.js module (CVE-2024-39008, CVSS 9.8) that can lead to arbitrary code execution. The remainder range from denial of service and server-side request forgery to cross-site scripting and local credential exposure. IBM has released a fixed version and urges customers to update without delay.

All about the Vulnerabilities

CVE-2024-28176: The Node.js jose module has a flaw in JWE decryption that can lead to a denial of service. A remote attacker who can submit a specially crafted JWE can force excessive CPU or memory consumption during decryption. CVSS Base Score: 5.3.

CVE-2024-34064: Jinja's xmlattr filter is vulnerable to cross-site scripting because it accepts keys containing characters that are not valid in an attribute name. An application that passes attacker-controlled keys to xmlattr can therefore have additional attributes injected into its rendered HTML, which can be used to steal cookie-based authentication credentials. CVSS Base Score: 5.4.

CVE-2024-3651: The Python idna module can be driven into a denial of service when a local user passes a specially crafted argument to the idna.encode() function, triggering excessive processing time. CVSS Base Score: 6.2.

CVE-2024-25024: IBM QRadar Suite stores user credentials in plain text, which can be accessed by a local user. CVSS Base Score: 6.2.

CVE-2024-37168: The gRPC module for Node.js (@grpc/grpc-js) can allocate memory for incoming messages beyond its configured size limits, so a remote attacker sending specially crafted messages can cause a denial of service. CVSS Base Score: 5.3.

CVE-2024-30260: The Node.js undici module fails to clear authorization headers when a request is redirected to a different origin, so a remote authenticated attacker may obtain sensitive information sent to a host that should not receive it. CVSS Base Score: 3.9.

CVE-2024-30261: The Node.js undici module contains a security restriction bypass in fetch(): an overly lax check of the integrity option lets tampered content pass the subresource-integrity check. CVSS Base Score: 2.6.

CVE-2024-28799: IBM QRadar Suite Software improperly displays sensitive data during back-end commands, risking information disclosure. CVSS Base Score: 5.1.

CVE-2024-39008: The fast-loops module by robinweser contains a prototype pollution vulnerability in its object merge routine. Because attacker-supplied keys such as __proto__ are followed into Object.prototype, properties can be injected into every object in the process, which can lead to arbitrary code execution. CVSS Base Score: 9.8.

CVE-2024-29415: The Node.js ip module is vulnerable to server-side request forgery (SSRF). Its isPublic() check matches address strings against fixed spellings, so non-canonical representations of internal addresses (for example 127.1) are classified as public, allowing an attacker to reach internal services through an application that relies on the check. CVSS Base Score: 7.5.

Affected Products and Versions

The following products and versions are affected:

  • IBM Cloud Pak for Security: 1.10.0.0 to 1.10.11.0
  • QRadar Suite Software: 1.10.12.0 to 1.10.23.0

Upgrade to version 1.10.24.0 or later to resolve these vulnerabilities.


Published August 16th, 2024 | Categories: Internet Security, Remote code execution, Security Advisory, Security Update, vulnerability

About the Author: FirstHackersNews (Identifies Security)

