
Security Bulletin: SQL Injection and Incorrect Handling of SSH Connection vulnerability in QRadar (CVE-2014-4824, CVE-2014-4826)

Security Bulletin


Summary

IBM QRadar 7.2 MR2 contains SQL Injection and Incorrect Handling of SSH Connection vulnerabilities.

Vulnerability Details


CVE ID: CVE-2014-4824

DESCRIPTION: IBM QRadar is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.

The attack requires authentication, but not local network access or specialized knowledge and techniques. An exploit could affect the integrity of data, confidentiality of information, and the availability of the system.
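To illustrate the vulnerability class described above (the bulletin does not publish the affected QRadar code), here is an added example that is not from IBM or the product: a lookup that splices user input into the SQL text, beside the parameterized form that removes the injection. The table, rows and function names are constructed for this illustration and use Python's built-in sqlite3 module.

```python
import sqlite3

# Constructed sample data for this illustration only: a tiny "events" table.
SAMPLE_EVENTS = [
    (1, "alice", "login_success"),
    (2, "bob", "login_failure"),
    (3, "carol", "config_change"),
]


def make_db():
    """Build an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE events (id INTEGER PRIMARY KEY, username TEXT, event TEXT)"
    )
    conn.executemany("INSERT INTO events VALUES (?, ?, ?)", SAMPLE_EVENTS)
    conn.commit()
    return conn


def vulnerable_lookup(conn, username):
    """Vulnerable pattern: the caller's string becomes part of the SQL itself,
    so a quote in the input changes the query's structure."""
    sql = (
        "SELECT id, username, event FROM events WHERE username = '"
        + username
        + "'"
    )
    return conn.execute(sql).fetchall()


def safe_lookup(conn, username):
    """Hardened pattern: the SQL text is fixed and the input is bound as a
    parameter, so the database treats it purely as a string value."""
    sql = "SELECT id, username, event FROM events WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo():
    """Run both lookups on an ordinary name and on a crafted string, and
    return the row counts so the difference is visible in one place."""
    conn = make_db()
    ordinary = "alice"
    crafted = "x' OR '1'='1"      # constructed tautology input
    legit_quote = "o'brien"        # a legitimate value containing a quote
    results = {
        "vulnerable_ordinary": len(vulnerable_lookup(conn, ordinary)),
        "vulnerable_crafted": len(vulnerable_lookup(conn, crafted)),
        "safe_ordinary": len(safe_lookup(conn, ordinary)),
        "safe_crafted": len(safe_lookup(conn, crafted)),
        # The parameterized form also handles a legitimate apostrophe; the
        # concatenating form raises a syntax error on the same value.
        "safe_legit_quote": len(safe_lookup(conn, legit_quote)),
    }
    try:
        vulnerable_lookup(conn, legit_quote)
        results["vulnerable_legit_quote_error"] = False
    except sqlite3.OperationalError:
        results["vulnerable_legit_quote_error"] = True
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The vulnerable lookup returns every row for the crafted string because the predicate becomes a tautology, while the parameterized lookup returns nothing for it, and the parameterized form also accepts a legitimate name containing an apostrophe that breaks the concatenating version. Parameterized queries (or an ORM that generates them) are the standard fix; input validation on its own is not a substitute.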


CVSS:
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/95574 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P)

CVE ID: CVE-2014-4826

DESCRIPTION: IBM QRadar is vulnerable due to incorrect handling of SSH connections. A remote attacker could exploit this vulnerability by capturing network traffic to obtain plain-text credentials and other sensitive information.

The attack does not require local network access or authentication, but some specialized knowledge and techniques are required. An exploit would not affect the integrity of data or availability of the system, but it could impact the confidentiality of information.


CVSS:
CVSS Base Score: 4.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/95576 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)

Affected Products and Versions

IBM QRadar 7.2 MR2

Remediation/Fixes


NOTE: For the SSH connection vulnerability, see the Create Scan Profiles section of the IBM QRadar Admin Guide for 7.2 MR3 for help on configuring SSH keys for scanner profiles.

Workarounds and Mitigations

None


References

Complete CVSS v2 Guide
On-line Calculator v2

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

Document information

More support for: IBM QRadar SIEM

Software version: 7.2

Operating system(s): Linux

Reference #: 1684448

Modified date: 08 March 2017

