A vulnerability has been discovered in IBM QRadar SIEM software where an authenticated user can run particular operating system commands on the QRadar Console, which can provide the user with limited remote shell access. To resolve this vulnerability, QRadar administrators must install a fix on the QRadar Console. This fix applies to QRadar SIEM Consoles, QRadar Log Manager Consoles, and QRadar Network Anomaly Detection Consoles. For more information on this vulnerability, see the security bulletin at http://www.ibm.com/support/docview.wss?uid=swg21639309.
This interim fix can be applied to QRadar 7.0.x and 7.1.x installations.
This interim fix must be installed on the Console in your QRadar deployment to address the vulnerability CVE-2013-2970.
Resolving the problem:
You can resolve this vulnerability by applying the CVE-2013-2970 fix to your QRadar Console.
- Log in to IBM Support to download FixID 7.0.0-QRadar-QRSCRIPT-CVE-2013-2970.sh.gz.
- Copy the fix to a directory on your QRadar Console.
- Using SSH, log in to your QRadar Console as the root user.
- Navigate to the directory containing the fix.
- Type the following command to extract the script file: gunzip CVE-2013-2970.sh.gz
- Type the following command to apply the fix to your Console: sh CVE-2013-2970.sh
- Follow the on-screen instructions to complete the installation.