IBM QRadar SIEM Bug

Multiple vulnerabilities have been found in IBM QRadar WinCollect. All of them are denial-of-service issues that could allow a threat actor to disrupt the service. They have been assigned CVE-2023-38039, CVE-2023-1255, and CVE-2022-25883.

IBM has released security patches for these vulnerabilities, along with a security advisory, and users are urged to apply them.

CVE-2022-25883: Denial of Service in Node.js semver package

This vulnerability is in the Node.js semver package and stems from a regular expression denial-of-service (ReDoS) flaw in the new range function. A threat actor could use a specially crafted regex input to exploit this vulnerability. The severity of this vulnerability has been given as 5.3 (Medium).

CVE-2023-1255: Denial of Service in OpenSSL

This vulnerability is present in OpenSSL due to a flaw in the implementation of AES-XTS cipher decryption for 64-bit ARM platforms. A threat actor could send a specially crafted request that could crash the application. The severity of this vulnerability has been given as 3.7 (Low).

CVE-2023-38039: Denial of Service in cURL libcurl

This vulnerability exists in the cURL libcurl library due to insufficient limitation of the number and size of headers accepted in a response. A threat actor could send a specially crafted request, which could exhaust the heap memory and result in a denial of service condition. The severity of this vulnerability has been given as 7.5 (High).

A complete report has been published by IBM, providing detailed information on these and many other vulnerabilities.

Affected Products & Fixed in Version

| Affected Product(s) | Version(s) | Fixed in Version |
| --- | --- | --- |
| QRadar WinCollect Agent | 10.0-10.1.7 | WinCollect Standalone Agent 10.1.8 Versions: WinCollect Agent MSI (64-bit) – Standalone only; WinCollect Agent MSI (32-bit) – Standalone only |

Users of this product are advised to upgrade to the latest version to prevent threat actors from exploiting these vulnerabilities.
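To find agents that still need the upgrade, the version range from the table above can be checked against an asset inventory. The following is an added example, not code from IBM or from the original article: the CSV layout, host names and column names are constructed, and ignoring any fourth build component when comparing versions is an assumption.

```python
import csv
import io
import re

# Boundaries taken from the "Affected Products & Fixed in Version" table.
AFFECTED_MIN = (10, 0, 0)   # "10.0"
AFFECTED_MAX = (10, 1, 7)   # "10.1.7"
FIXED = (10, 1, 8)          # "10.1.8"

def parse_version(text):
    """Return (major, minor, patch) or None. Assumption: build suffixes are ignored."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?(?:[.\-]\d+)*\s*", text or "")
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))

def classify(version_text):
    """Map a reported WinCollect version string to a triage status."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"        # empty or malformed: needs manual follow-up
    if AFFECTED_MIN <= v <= AFFECTED_MAX:
        return "affected"
    if v >= FIXED:
        return "fixed"
    return "not-listed"         # older than 10.0: outside the table's range

# Constructed sample inventory (hypothetical hosts and column names).
SAMPLE = """host,wincollect_version
dc01,10.1.7
web02,10.1.8
fs03,10.0
app04,10.1.2.19
old05,7.3.1
lab06,
"""

def triage(csv_text):
    """Return {host: status} for every row of the inventory CSV."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: classify(r["wincollect_version"]) for r in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:6} {status}")
```

Hosts reported as "unknown" or "not-listed" are deliberately kept separate from "fixed" so they are reviewed rather than silently treated as patched.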

Eswar is a cybersecurity reporter with a passion for creating captivating and informative content. With years of experience in cybersecurity, he reports on data breaches, privacy and APT threats.