Security Bulletin: IBM QRadar SIEM can be affected by a command injection vulnerability (CVE-2013-2970)

Flash (Alert)


Abstract

A vulnerability has been discovered within the IBM QRadar Security Information and Event Manager (SIEM) software that allows an authenticated user to execute limited operating system commands on the QRadar device and gain limited remote shell access.

Content

VULNERABILITY DETAILS:


DESCRIPTION:

CVE-2013-2970
A command injection vulnerability has been discovered within the IBM QRadar SIEM software that allows an authenticated user to execute operating system commands as a limited access user on the QRadar device. This access could be used to gain remote shell access as that webservices user. Even though authenticated users of the QRadar SIEM do not necessarily have shell access, action should be taken to ensure this issue is patched as soon as possible.

The attack can be conducted over the internet. Some degree of specialized knowledge and techniques are required to conduct this attack. Multiple authentication attempts are required for this attack. An exploit may have a limited impact on the confidentiality of information and the integrity of data and could reduce performance / cause interruptions to availability.


CVEID:
CVE-2013-2970

CVSS Base Score: 6.0
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/83872
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/AU:S/C:P/I:P/A:P)


AFFECTED PRODUCTS AND VERSIONS:
IBM QRadar Security Information and Event Manager (SIEM) 7.0
IBM QRadar Security Information and Event Manager (SIEM) 7.1

REMEDIATION:

The vulnerability is fixed in the following version of QRadar SIEM:





Workaround(s):
None

Mitigation(s):
None

REFERENCES:
· Complete CVSS Guide
· On-line Calculator V2
· CVE-2013-2970
· http://xforce.iss.net/xforce/xfdb/83872
· IBM Security Alerts
· QRadar SIEM 7.1MR2 Patch 1
· Interim Fix 7.0.0-QRadar-QRSCRIPT-CVE-2013-2970.sh


RELATED INFORMATION:
IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog


ACKNOWLEDGEMENT
This vulnerability was reported to IBM by Stephen Hosom





*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.


Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

IBM Security QRadar SIEM

Software version:

7.0, 7.1

Operating system(s):

Linux

Reference #:

1639309

Modified date:

2014-07-09

Translate my page

Machine Translation

Content navigation