The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of IBM Security QRadar SIEM

vulnerability announce CVE-2018-1087

Linux kernel: privilege escalation via KVM DB Exceptions

Synthesis of the vulnerability

An attacker, inside a guest system, can bypass restrictions via KVM DB Exceptions of the Linux kernel, in order to escalate his privileges on the host system.
Impacted products: Debian, QRadar SIEM, Linux, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 09/05/2018.
Identifiers: CERTFR-2018-AVI-224, CERTFR-2018-AVI-226, CERTFR-2018-AVI-228, CERTFR-2018-AVI-232, CERTFR-2018-AVI-584, CVE-2018-1087, DSA-4196-1, ibm10742755, RHSA-2018:1318-01, RHSA-2018:1345-01, RHSA-2018:1347-01, RHSA-2018:1348-01, RHSA-2018:1355-01, SUSE-SU-2018:1171-1, SUSE-SU-2018:1172-1, SUSE-SU-2018:1173-1, SUSE-SU-2018:1220-1, SUSE-SU-2018:1221-1, USN-3641-1, USN-3641-2, VIGILANCE-VUL-26072.

Description of the vulnerability

An attacker, inside a guest system, can bypass restrictions via KVM DB Exceptions of the Linux kernel, in order to escalate his privileges on the host system.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2018-8897

Linux kernel: privilege escalation via DB Exceptions

Synthesis of the vulnerability

An attacker can bypass restrictions via DB Exceptions of the Linux kernel, in order to escalate his privileges.
Impacted products: Debian, BIG-IP Hardware, TMOS, FreeBSD, QRadar SIEM, Linux, pfSense, RHEL, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 09/05/2018.
Identifiers: CERTFR-2018-AVI-224, CERTFR-2018-AVI-226, CERTFR-2018-AVI-228, CERTFR-2018-AVI-232, CERTFR-2018-AVI-584, CVE-2018-8897, DLA-1392-1, DSA-4196-1, FreeBSD-SA-18:06.debugreg, ibm10742755, K17403481, RHSA-2018:1318-01, RHSA-2018:1319-01, RHSA-2018:1345-01, RHSA-2018:1346-01, RHSA-2018:1347-01, RHSA-2018:1348-01, RHSA-2018:1349-01, RHSA-2018:1350-01, RHSA-2018:1351-01, RHSA-2018:1352-01, RHSA-2018:1353-01, RHSA-2018:1354-01, RHSA-2018:1355-01, SUSE-SU-2018:1171-1, SUSE-SU-2018:1172-1, SUSE-SU-2018:1173-1, SUSE-SU-2018:1220-1, SUSE-SU-2018:1221-1, Synology-SA-18:51, USN-3641-1, USN-3641-2, VIGILANCE-VUL-26071, VU#631579.

Description of the vulnerability

An attacker can bypass restrictions via DB Exceptions of the Linux kernel, in order to escalate his privileges.

computer vulnerability bulletin CVE-2018-10675

Linux kernel: use after free via do_get_mempolicy

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via do_get_mempolicy() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.
Impacted products: QRadar SIEM, Junos Space, Linux, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, denial of service on server, denial of service on service.
Provenance: user shell.
Creation date: 03/05/2018.
Identifiers: CERTFR-2018-AVI-256, CERTFR-2018-AVI-319, CERTFR-2018-AVI-330, CERTFR-2018-AVI-386, CERTFR-2018-AVI-408, CERTFR-2018-AVI-457, CERTFR-2018-AVI-584, CVE-2018-10675, ibm10742755, JSA10917, RHSA-2018:2164-01, RHSA-2018:2384-01, RHSA-2018:2395-01, RHSA-2018:2785-01, RHSA-2018:2791-01, RHSA-2018:2924-01, RHSA-2018:2925-01, RHSA-2018:2933-01, RHSA-2018:3540-01, RHSA-2018:3586-01, RHSA-2018:3590-01, SUSE-SU-2018:1368-1, SUSE-SU-2018:1374-1, SUSE-SU-2018:1375-1, SUSE-SU-2018:1376-1, SUSE-SU-2018:1846-1, USN-3754-1, VIGILANCE-VUL-26038.

Description of the vulnerability

An attacker can force the usage of a freed memory area via do_get_mempolicy() of the Linux kernel, in order to trigger a denial of service, and possibly to run code.

vulnerability alert CVE-2014-1211

VMware vCloud Director: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery of VMware vCloud Director, in order to force the victim to perform operations.
Impacted products: QRadar SIEM.
Severity: 2/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 02/05/2018.
Identifiers: 2015819, CVE-2014-1211, VIGILANCE-VUL-26011.

Description of the vulnerability

The VMware vCloud Director product offers a web service.

However, the origin of requests is not checked: a request can, for example, originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery of VMware vCloud Director, in order to force the victim to perform operations.

computer vulnerability note CVE-2018-1000199

Linux kernel: privilege escalation via Ptrace Hardware Breakpoint Settings

Synthesis of the vulnerability

An attacker can bypass restrictions via Ptrace Hardware Breakpoint Settings of the Linux kernel, in order to escalate his privileges.
Impacted products: Debian, Android OS, QRadar SIEM, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Synology DS***, Synology RS***, Ubuntu.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 02/05/2018.
Identifiers: CERTFR-2018-AVI-226, CERTFR-2018-AVI-228, CERTFR-2018-AVI-256, CERTFR-2018-AVI-308, CERTFR-2018-AVI-319, CERTFR-2018-AVI-584, CVE-2018-1000199, DLA-1369-1, DSA-4187-1, DSA-4188-1, ibm10742755, openSUSE-SU-2018:1418-1, RHSA-2018:1318-01, RHSA-2018:1345-01, RHSA-2018:1347-01, RHSA-2018:1348-01, RHSA-2018:1354-01, RHSA-2018:1355-01, RHSA-2018:1374-01, SUSE-SU-2018:1366-1, SUSE-SU-2018:1368-1, SUSE-SU-2018:1374-1, SUSE-SU-2018:1375-1, SUSE-SU-2018:1376-1, SUSE-SU-2018:1816-1, SUSE-SU-2018:1846-1, SUSE-SU-2018:1855-1, Synology-SA-18:51, USN-3641-1, USN-3641-2, VIGILANCE-VUL-25999.

Description of the vulnerability

An attacker can bypass restrictions via Ptrace Hardware Breakpoint Settings of the Linux kernel, in order to escalate his privileges.

computer vulnerability announce CVE-2011-4905

Apache ActiveMQ: denial of service via Openwire Connection Request

Synthesis of the vulnerability

An attacker can generate a fatal error via Openwire Connection Request of Apache ActiveMQ, in order to trigger a denial of service.
Impacted products: QRadar SIEM.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 25/04/2018.
Identifiers: 2015823, CVE-2011-4905, VIGILANCE-VUL-25977.

Description of the vulnerability

An attacker can generate a fatal error via Openwire Connection Request of Apache ActiveMQ, in order to trigger a denial of service.

computer vulnerability alert CVE-2011-4314

OpenID4Java: read-write access via Attribute Exchange

Synthesis of the vulnerability

An attacker can bypass access restrictions via Attribute Exchange of OpenID4Java, in order to read or alter data.
Impacted products: QRadar SIEM, RHEL, JBoss EAP by Red Hat.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: document.
Creation date: 25/04/2018.
Identifiers: 2015821, 2 Apr 2012 20:14:16, CVE-2011-4314, RHSA-2011:1798-01, RHSA-2011:1799-01, RHSA-2011:1800-01, RHSA-2011:1802-01, RHSA-2011:1803-01, RHSA-2011:1804-01, RHSA-2011:1805-01, RHSA-2011:1806-01, RHSA-2012:0378-01, RHSA-2012:0519-01, VIGILANCE-VUL-25976.

Description of the vulnerability

An attacker can bypass access restrictions via Attribute Exchange of OpenID4Java, in order to read or alter data.

computer vulnerability CVE-2016-4970

Netty: infinite loop via OpenSslEngine

Synthesis of the vulnerability

An attacker can generate an infinite loop via OpenSslEngine of Netty, in order to trigger a denial of service.
Impacted products: QRadar SIEM.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 25/04/2018.
Identifiers: 2015818, CVE-2016-4970, VIGILANCE-VUL-25975.

Description of the vulnerability

An attacker can generate an infinite loop via OpenSslEngine of Netty, in order to trigger a denial of service.

vulnerability note CVE-2014-0193

Netty: denial of service via WebSocket08FrameDecoder

Synthesis of the vulnerability

An attacker can generate a fatal error via WebSocket08FrameDecoder of Netty, in order to trigger a denial of service.
Impacted products: QRadar SIEM, JBoss EAP by Red Hat.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 25/04/2018.
Identifiers: 2015818, CVE-2014-0193, RHSA-2014:0818-01, RHSA-2014:0910-01, RHSA-2014:1019-01, RHSA-2014:1020-01, RHSA-2014:1021-01, RHSA-2014:1351-01, RHSA-2015:0234-01, RHSA-2015:0235-01, RHSA-2015:0675-01, RHSA-2015:0720-01, RHSA-2015:0765-01, RHSA-2015:1009, VIGILANCE-VUL-25974.

Description of the vulnerability

An attacker can generate a fatal error via WebSocket08FrameDecoder of Netty, in order to trigger a denial of service.

vulnerability bulletin CVE-2017-1724

IBM QRadar SIEM: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of IBM QRadar SIEM, in order to run JavaScript code in the context of the web site.
Impacted products: QRadar SIEM.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 25/04/2018.
Identifiers: 2015807, CVE-2017-1724, VIGILANCE-VUL-25973.

Description of the vulnerability

The IBM QRadar SIEM product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of IBM QRadar SIEM, in order to run JavaScript code in the context of the web site.