Friday, December 6, 2024

Critical Vulnerabilities in IBM QRadar Allow Attackers to Execute Arbitrary Code Remotely


IBM recently disclosed critical vulnerabilities affecting its QRadar Suite Software and IBM Cloud Pak for Security. These vulnerabilities, if exploited, could allow attackers to execute arbitrary code remotely, potentially leading to severe security breaches.

The company has addressed these issues in its latest software release and urges users to update their systems immediately.

Vulnerability Details

CVE-2024-28176 – The Node.js Jose module is vulnerable to a denial-of-service attack due to a flaw during JWE Decryption operations. A remote attacker could exploit this by sending a specially crafted request, leading to excessive CPU or memory usage and a denial-of-service condition. The CVSS Base score for this vulnerability is 5.3.


CVE-2024-34064 – Jinja has a cross-site scripting vulnerability caused by the acceptance of keys with non-attribute characters by the xmlattr filter. This flaw allows remote attackers to inject attributes into a web page, potentially stealing cookie-based authentication credentials. The CVSS Base score is 5.4.

CVE-2024-3651 – The idna module could allow a local user to cause a denial of service by passing a specially crafted argument to the idna.encode() function. This vulnerability has a CVSS Base score of 6.2.

CVE-2024-25024 – IBM QRadar Suite stores user credentials in plain text, which a local user can access. This vulnerability has a CVSS Base score of 6.2.


CVE-2024-37168 – The gRPC on Node.js is vulnerable to a denial-of-service attack due to a flaw in memory allocation. A remote attacker could exploit this vulnerability by sending specially crafted messages. The CVSS Base score is 5.3.

CVE-2024-30260 – The Node.js undici module could allow a remote authenticated attacker to obtain sensitive information due to improper handling of Authorization headers. This vulnerability has a CVSS Base score of 3.9.

CVE-2024-30261 – A security restriction bypass vulnerability exists in the Node.js undici module, allowing fetch() to accept tampered requests. The CVSS Base score is 2.6.

CVE-2024-28799 – IBM QRadar Suite Software improperly displays sensitive data during back-end commands, potentially leading to information disclosure. The CVSS Base score is 5.1.

CVE-2024-39008 – The robinweser fast-loops module allows remote attackers to execute arbitrary code due to a prototype pollution vulnerability. This critical flaw has a CVSS Base score of 9.8.
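To make the 9.8-rated finding concrete, here is an added illustration of the prototype-pollution class behind CVE-2024-39008. It is not fast-loops' or IBM's code; the function names `naiveMergeDeep`, `safeMergeDeep` and `leakAfterMerge` and the JSON payload are constructed for this example. A recursive merge that blindly copies every key of an attacker-controlled object will walk into `__proto__` and write into `Object.prototype`; the hardened version skips prototype-chain keys and only recurses into plain objects.

```javascript
// Added illustration (not fast-loops' or IBM's code) of the pattern behind CVE-2024-39008.
// Naive deep merge: walks every key of source, including "__proto__". On a plain object that
// resolves to Object.prototype, so the recursion writes into it and every object inherits it.
function naiveMergeDeep(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      if (target[key] === null || typeof target[key] !== 'object') target[key] = {};
      naiveMergeDeep(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened merge: skips prototype-chain keys, recurses only into own plain-object
// properties, and rejects non-plain inputs (class instances, arrays, Maps) outright.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(value) {
  if (value === null || typeof value !== 'object') return false;
  const proto = Object.getPrototypeOf(value);
  return proto === Object.prototype || proto === null;
}

function safeMergeDeep(target, source) {
  if (!isPlainObject(target) || !isPlainObject(source)) throw new TypeError('plain objects only');
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      if (!Object.hasOwn(target, key) || !isPlainObject(target[key])) target[key] = {};
      safeMergeDeep(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed sample payload: JSON.parse produces an *own* "__proto__" key.
const PAYLOAD_JSON = '{"__proto__": {"polluted": "yes"}, "name": "config"}';

// Merge the payload with mergeFn and report whether an unrelated object inherited "polluted".
function leakAfterMerge(mergeFn) {
  mergeFn({}, JSON.parse(PAYLOAD_JSON));
  const leaked = ({}).polluted;
  delete Object.prototype.polluted; // undo any pollution so the rest of the process is unaffected
  return leaked; // "yes" for naiveMergeDeep, undefined for safeMergeDeep
}
```

The same check is a useful unit test for any in-house merge, configuration-override or JSON-patch helper: merge a payload carrying `__proto__` and assert that a fresh `{}` did not gain the property.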

CVE-2024-29415 – The Node.js ip module is vulnerable to server-side request forgery, allowing attackers to conduct SSRF attacks. The CVSS Base score is 7.5.

Affected Products and Versions

The vulnerabilities affect the following products and versions:

  • IBM Cloud Pak for Security: Versions 1.10.0.0 to 1.10.11.0
  • QRadar Suite Software: Versions 1.10.12.0 to 1.10.23.0

IBM strongly advises users to upgrade to version 1.10.24.0 or later to mitigate these vulnerabilities.

While no specific workarounds have been provided, users are encouraged to apply the updates promptly to secure their systems against potential exploits.


Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.
