Multiple vulnerabilities have been reported in two IBM products: QRadar SIEM and Storwize V7000 Unified.

#1. Multiple vulnerabilities in IBM QRadar SIEM

Severity: Low

Fix available: Yes

Number of vulnerabilities: 2

CVSSv2 Rating: (AV:A/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C) = Base: 4.3 / Temporal: 3.2

(AV:A/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C) = Base: 4.8 / Temporal: 3.5

CVE ID: CVE-2014-4824; CVE-2014-4826

Attack vector: Local network

Impact: Disclosure of sensitive data, Unauthorized modification of data

Affected Products: QRadar SIEM 7.x

Affected versions: IBM QRadar SIEM 7.2 MR2

Description:

The vulnerabilities allow a remote user to execute arbitrary SQL commands in the application database and gain access to sensitive data.

1. The vulnerability is due to an unknown error when processing input data. This can be exploited to execute arbitrary SQL commands in the application database.

2. The vulnerability is due to an unknown error when processing SSH connections. A remote user can perform a man-in-the-middle (MitM) attack and disclose the user's credentials.

Solution: Install the latest version 7.2.3 Maintenance Release 3 Patch 1 from the manufacturer.

Link: https://www.ibm.com/support/docview.wss?uid=swg21684448

#2. Multiple vulnerabilities in the IBM Storwize V7000 Unified

Severity: Low

Fix available: Yes

Number of vulnerabilities: 5

CVSSv2 Rating: (AV:A/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C) = Base: 3.3 / Temporal: 2.4

(AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C) = Base: 5 / Temporal: 3.7

(AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C) = Base: 4.3 / Temporal: 3.2

(AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C) = Base: 5 / Temporal: 3.7

(AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C) = Base: 5 / Temporal: 3.7

CVE ID: CVE-2007-6750; CVE-2014-0075; CVE-2014-0096; CVE-2014-0099; CVE-2014-0119; CVE-2014-3493

Attack vector: Local network

Impact: Denial of service (DDoS attack), Disclosure of sensitive data, Security Bypass

Affected Products: IBM Storwize V7000 Unified 1.x

Affected versions: IBM Storwize V7000 Unified versions prior to 1.5.0.2



Description:

The vulnerabilities allow a malicious user to bypass certain security restrictions, gain access to sensitive information, and cause a denial of service.

1. The vulnerability is caused by the presence of a vulnerable version of Samba. These vulnerabilities allow a remote user to cause a denial of service in the application:

– An unspecified error in the “sys_recvfrom()” function in the file source3/lib/system.c. A remote user can send a specially crafted NetBIOS packet and cause an infinite loop in the nmbd daemon.

– An unspecified error in the handling of Unicode file names. A remote user can cause an out-of-bounds write that subsequently crashes the smbd daemon.

2. The vulnerability is caused by the presence of a vulnerable version of Apache Tomcat. The discovered vulnerabilities allow a malicious user to bypass certain security restrictions and gain access to certain confidential information.

Solution: Install the latest version 1.5.0.2 from the manufacturer.

Links:

https://www.ibm.com/support/docview.wss?uid=ssg1S1004834

https://www.ibm.com/support/docview.wss?uid=ssg1S1004836

https://www.ibm.com/support/docview.wss?uid=ssg1S1004854

Manufacturer URLs:

http://www-03.ibm.com/software/products/us/en/qradar-siem/

http://www-03.ibm.com/systems/storage/disk/storwize_v7000/
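
The Base and Temporal figures in the two CVSSv2 rating blocks above can be recomputed from their vectors when triaging. The following is an added example, not part of the original advisory or any IBM tooling: a small CVSS v2 scorer using the weights from the CVSS v2 specification, run over rating lines copied from this page (function names are illustrative).

```python
import re
from decimal import Decimal, ROUND_HALF_UP

# Metric weights from the CVSS v2 specification.
CIA = {"N": 0.0, "P": 0.275, "C": 0.660}
W = {
    "AV": {"L": 0.395, "A": 0.646, "N": 1.0},
    "AC": {"H": 0.35, "M": 0.61, "L": 0.71},
    "Au": {"M": 0.45, "S": 0.56, "N": 0.704},
    "C": CIA, "I": CIA, "A": CIA,
    "E": {"U": 0.85, "POC": 0.9, "F": 0.95, "H": 1.0, "ND": 1.0},
    "RL": {"OF": 0.87, "TF": 0.9, "W": 0.95, "U": 1.0, "ND": 1.0},
    "RC": {"UC": 0.9, "UR": 0.95, "C": 1.0, "ND": 1.0},
}

def round1(x):  # round half up to one decimal place
    return float(Decimal(repr(x)).quantize(Decimal("0.1"), ROUND_HALF_UP))

def parse_vector(text):
    # Accepts 'AV:A/AC:M/...' and the spaced form '(AV: A / AC: M / ...)'.
    m = dict(p.split(":", 1) for p in re.sub(r"[\s()]", "", text).split("/"))
    bad = [k for k in m if m[k] not in W.get(k, {})]
    missing = [k for k in ("AV", "AC", "Au", "C", "I", "A") if k not in m]
    if bad or missing:
        raise ValueError(f"bad metrics {bad}, missing base metrics {missing}")
    return m

def score(text):
    m = parse_vector(text)
    w = {k: W[k][m.get(k, "ND")] for k in W}  # absent temporal metrics = Not Defined
    impact = 10.41 * (1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"]))
    exploitability = 20 * w["AV"] * w["AC"] * w["Au"]
    base = round1((0.6 * impact + 0.4 * exploitability - 1.5) * (1.176 if impact else 0))
    return base, round1(base * w["E"] * w["RL"] * w["RC"])

def check_line(line):
    # Returns (stated, computed, match) for one '<vector> = Base: x / Temporal: y' line.
    vector, stated = line.split("=", 1)
    b, t = re.search(r"Base:\s*([\d.]+)\s*/\s*Temporal:\s*([\d.]+)", stated).groups()
    stated, computed = (float(b), float(t)), score(vector)
    return stated, computed, stated == computed

PAGE_LINES = [  # rating lines copied from the advisory (two QRadar, one Storwize)
    "(AV: A / AC: M / Au: N / C: P / I: P / A: N / E: U / RL: OF / RC: C) = Base: 4.3 / Temporal: 3.2",
    "(AV: A / AC: L / Au: N / C: P / I: P / A: N / E: U / RL: OF / RC: C) = Base: 4.8 / Temporal: 3.5",
    "(AV: A / AC: L / Au: N / C: N / I: N / A: P / E: U / RL: OF / RC: C) = Base: 3.3 / Temporal: 2.4",
]

if __name__ == "__main__":
    print(*map(check_line, PAGE_LINES), sep="\n")
```

A `False` in the third field of a result means the stated scores do not follow from the vector, which is worth resolving before the score is used for prioritisation.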