IBM Support

Security Bulletin: IBM QRadar SIEM can be affected by a command injection vulnerability (CVE-2013-2970)

Flashes (Alerts)


Abstract

A vulnerability has been discovered within the IBM QRadar Security Information and Event Manager (SIEM) software that allows an authenticated user to execute limited operating system commands on the QRadar device and gain limited remote shell access.

Content

VULNERABILITY DETAILS:


DESCRIPTION:

CVE-2013-2970
A command injection vulnerability has been discovered within the IBM QRadar SIEM software that allows an authenticated user to execute operating system commands as a limited access user on the QRadar device. This access could be used to gain remote shell access as that webservices user. Even though authenticated users of the QRadar SIEM do not necessarily have shell access, action should be taken to ensure this issue is patched as soon as possible.

The attack can be conducted over the internet. Some degree of specialized knowledge and techniques are required to conduct this attack. Multiple authentication attempts are required for this attack. An exploit may have a limited impact on the confidentiality of information and the integrity of data and could reduce performance / cause interruptions to availability.


CVEID:
CVE-2013-2970

CVSS Base Score: 6.0
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/83872
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/AU:S/C:P/I:P/A:P)


AFFECTED PRODUCTS AND VERSIONS:
IBM QRadar Security Information and Event Manager (SIEM) 7.0
IBM QRadar Security Information and Event Manager (SIEM) 7.1

REMEDIATION:

The vulnerability is fixed in the following version of QRadar SIEM:

  • For QRadar SIEM 7.1 - install QRadar SIEM 7.1 MR2 Patch 1
  • For QRadar SIEM 7.0 - Install Interim Fix 7.0.0-QRadar-QRSCRIPT-CVE-2013-2970.sh





    • Workaround(s):
    None

    Mitigation(s):
    None

    REFERENCES:
    · Complete CVSS Guide
    · On-line Calculator V2
    · CVE-2013-2970
    · https://exchange.xforce.ibmcloud.com/vulnerabilities/83872
    · IBM Security Alerts
    · QRadar SIEM 7.1MR2 Patch 1
    · Interim Fix 7.0.0-QRadar-QRSCRIPT-CVE-2013-2970.sh


    RELATED INFORMATION:
    IBM Secure Engineering Web Portal
    IBM Product Security Incident Response Blog


    ACKNOWLEDGEMENT
    This vulnerability was reported to IBM by Stephen Hosom





    *The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Flash.


    Note: According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

    [{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Not Applicable","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.1;7.0","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

    Document Information

    Modified date:
    26 September 2022

    UID

    swg21639309

    Page Feedback