Critical Vulnerabilities in IBM QRadar Let Attackers Execute Arbitrary Code Remotely

IBM has issued a security bulletin highlighting multiple vulnerabilities in its QRadar Suite Software. These vulnerabilities, affecting a number of components, have been addressed in the most recent software release.
IBM QRadar Suite Software is a cybersecurity platform that integrates SIEM (Security Information and Event Management), SOAR (Security Orchestration, Automation, and Response), network traffic analysis, and vulnerability management into a single, unified solution for threat detection, incident response, and compliance management.
IBM's QRadar Suite Software, along with IBM Cloud Pak for Security, has been found to contain a number of vulnerabilities that could be exploited by attackers. The affected versions are:
- IBM Cloud Pak for Security: versions 1.10.0.0 to 1.10.11.0
- QRadar Suite Software: versions 1.10.12.0 to 1.10.23.0
Key Vulnerabilities Identified
According to IBM's bulletin, these vulnerabilities range from denial of service and cross-site scripting to improper handling of sensitive information and potential arbitrary code execution. Below are the detailed descriptions and technical specifics of each identified vulnerability:
Node.js jose Module Denial of Service (CVE-2024-28176): This vulnerability involves a flaw during JWE Decryption operations, which could be exploited to cause a denial of service by consuming excessive CPU time or memory.
"Node.js jose module is vulnerable to a denial of service, caused by a flaw during JWE Decryption operations. By sending a specially crafted request, a remote attacker could exploit this vulnerability to consume an unreasonable amount of CPU time or memory, and results in a denial of service condition."
Jinja Cross-Site Scripting (CVE-2024-34064): The Jinja template engine is vulnerable because it accepts keys with non-attribute characters, allowing attackers to inject additional attributes into web pages and potentially steal authentication credentials.
"A remote attacker could exploit this vulnerability to inject other attributes into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed."
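The Jinja issue above (CVE-2024-34064) is in the xmlattr filter, which builds HTML attributes from a mapping: when the attribute name itself is attacker-controlled and contains whitespace or "=", one key produces more than one attribute. The following Python is an added example, not Jinja's code or IBM's: a minimal reimplementation of the pre-fix behaviour beside a hardened version that refuses keys containing the characters the upstream fix rejects (the regular expression is reproduced from the fix as an assumption; the sample attribute dictionary is constructed).

```python
import html
import re

# Jinja's fix for CVE-2024-34064 rejects attribute names containing whitespace,
# "/", ">" or "=": the characters that let one key terminate an attribute and
# start another. The pattern is reproduced here from the upstream fix as an
# assumption; check the Jinja source for the exact expression.
_ATTR_KEY_RE = re.compile(r"[\s/>=]", flags=re.ASCII)


def is_valid_attr_name(key):
    """Return True when the key cannot break out of its attribute position."""
    return bool(key) and _ATTR_KEY_RE.search(key) is None


def xmlattr_vulnerable(attrs):
    """Pre-fix behaviour: every key is used verbatim as an attribute name.

    Values are escaped (as Jinja does), so a value cannot inject markup, but a
    key containing "=" or whitespace yields more than one attribute.
    """
    return " ".join(
        f'{html.escape(str(k))}="{html.escape(str(v))}"'
        for k, v in attrs.items()
        if v is not None
    )


def xmlattr_hardened(attrs):
    """Post-fix behaviour: refuse keys that are not plain attribute names."""
    for k in attrs:
        if not is_valid_attr_name(str(k)):
            raise ValueError(f"Invalid character in attribute name: {k!r}")
    return xmlattr_vulnerable(attrs)


if __name__ == "__main__":
    # Constructed input: the attribute *name* comes from an untrusted source.
    untrusted = {"data-user=x hidden": "y"}
    print(xmlattr_vulnerable(untrusted))  # data-user=x hidden="y"  (two attributes)
    try:
        xmlattr_hardened(untrusted)
    except ValueError as exc:
        print("rejected:", exc)
    print(xmlattr_hardened({"data-user": 'a"b'}))  # data-user="a&quot;b"
```

The point for reviewers of template code is that escaping values is not enough: the attribute name is part of the markup grammar too, and a template that lets request data choose dictionary keys for xmlattr was exposed even with autoescaping on. Rejecting the key outright, as the fix does, is preferable to trying to escape it, because there is no HTML escape for a space inside an attribute name.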
idna Module Denial of Service (CVE-2024-3651): A local user can exploit the idna module by using a specially crafted argument to cause a denial of service, consuming system resources.
Plaintext Credential Storage (CVE-2024-25024): QRadar Suite stores user credentials in plaintext, making them accessible to local users and posing a risk of unauthorized access.
gRPC on Node.js Denial of Service (CVE-2024-37168): A flaw in memory allocation within gRPC on Node.js could be exploited to cause a denial of service by sending specially crafted messages.
Node.js undici Information Disclosure (CVE-2024-30260): The undici module in Node.js can expose sensitive information due to improper handling of Authorization headers, which could be used for further attacks.
Node.js undici Security Bypass (CVE-2024-30261): A flaw in the fetch integrity option allows security restrictions to be bypassed, accepting tampered requests as valid.
Improper Information Disclosure (CVE-2024-28799): QRadar Suite Software improperly displays sensitive information during backend commands, leading to unintended disclosure.
Arbitrary Code Execution in fast-loops (CVE-2024-39008): A vulnerability in robinweser's fast-loops allows remote code execution via prototype pollution, posing a high risk of arbitrary code execution or denial of service.
Node.js ip Module SSRF (CVE-2024-29415): The ip module in Node.js is vulnerable to server-side request forgery, allowing attackers to conduct SSRF attacks due to improper IP address categorization.
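The ip module issue above is a classification problem: an SSRF guard that decides "is this address internal?" is only as good as the parser behind it, and a permissive parser that normalises unusual spellings can disagree with the operating system's resolver about which host is meant. The following Python is an added example, not the Node ip module's code or IBM's, and it generalises beyond that one module: a strict classifier built on the standard library ipaddress module that treats anything it cannot parse in canonical form as invalid, folds IPv4-mapped IPv6 addresses back to the IPv4 address they wrap, and only then applies the private/loopback/link-local checks. The sample addresses are constructed.

```python
import ipaddress

NON_PUBLIC = "non-public"
PUBLIC = "public"
INVALID = "invalid"


def classify_ip(text):
    """Classify a textual IP address for an SSRF allow-list decision.

    Only canonical dotted-decimal IPv4 and RFC 4291 IPv6 text is accepted;
    spellings such as "0x7f.0.0.1" or "127.1", which some permissive parsers
    normalise to loopback, are reported as invalid rather than guessed at.
    """
    try:
        addr = ipaddress.ip_address(text.strip())
    except ValueError:
        return INVALID
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is classified by the IPv4
    # address it wraps, so ::ffff:127.0.0.1 is treated as loopback.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return classify_ip(str(addr.ipv4_mapped))
    if (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified):
        return NON_PUBLIC
    return PUBLIC


def is_safe_outbound_target(text):
    """True only for a syntactically valid, publicly routable address."""
    return classify_ip(text) == PUBLIC


if __name__ == "__main__":
    # Constructed samples: the kind of values a "fetch this URL" feature might see.
    for candidate in ["8.8.8.8", "127.0.0.1", "169.254.169.254",
                      "::ffff:127.0.0.1", "0x7f.0.0.1", "127.1", "fd00::1"]:
        print(f"{candidate:>20} -> {classify_ip(candidate)}")
```

Two design points matter here. First, "invalid" is a distinct outcome from "public": a guard that falls through to "allowed" when it fails to recognise an address is exactly the failure mode behind this class of bug. Second, the check has to run on the address the request will actually connect to, so when the input is a hostname, resolve it first and classify every resolved address, then connect to the address you classified rather than letting the HTTP client resolve the name again.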
Remediation and Fixes
IBM strongly advises users to upgrade to version 1.10.24.0 or later. Detailed instructions for upgrading can be found here.
At present, no workarounds or mitigations are available. Customers are encouraged to apply the updates promptly.
Source credit: cybersecuritynews.com