Home Unlabelled IBM SECURITY BULLETIN: IBM QRadar SIEM is vulnerable to Content Spoofing (CVE-2018-1733)

IBM SECURITY BULLETIN: IBM QRadar SIEM is vulnerable to Content Spoofing (CVE-2018-1733)

By
Friday, January 25, 2019
Read
Add Comment

Jan 25, 2019 9:01 am EST

Categorized: Medium Severity

Share this post:

The software fails to adequately filter user-controlled input data for syntax that has control-plane implications. Software has certain assumptions about what constitutes data and control respectively. It is the lack of verification of these assumptions for user-controlled input that leads to injection problems. In this case the page could be modified to include a misleading message to the victim which could subject them to further compromise.

CVE(s): CVE-2018-1733

Affected product(s) and affected version(s):

  • IBM QRadar SIEM Version 7.2 to 7.2.8 Patch 13
  • IBM QRadar SIEM Version 7.3 to 7.3.1 Patch 6

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/docview.wss?uid=ibm10794523
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/147811



from IBM Product Security Incident Response Team https://ibm.co/2WkqVZD
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us