IBM software: Critical vulnerability could leave malicious code in development environments


There are important security updates for IBM Rational ClearCase and QRadar SIEM, among others: The critical gaps are in the XML parser library Expat.


An important update is available for IBM’s Rational ClearCase configuration management software. Admins will find information about the fixed versions in the security advisories linked below this entry.

Because of vulnerabilities in the Expat XML parser library used in the IBM software, remote attackers could exploit two vulnerabilities classified as “critical” (CVE-2022-23852, CVE-2022-23990) to push malicious code onto systems and execute it. Sending specially crafted requests to vulnerable components should be sufficient for this.
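Both CVEs named above were fixed in Expat 2.4.4, so the first defensive question is which Expat version a given runtime actually links against. The following script is an added example, not code from the article or from IBM: it reads the version string that Python's bundled Expat exposes via `pyexpat.EXPAT_VERSION`, compares it against that fixed release, and reports whether the runtime predates the fix. The fixed-version threshold is taken from the libexpat changelog; the function names are this example's own.

```python
"""Report whether the Expat linked into this Python runtime predates the
release (2.4.4) that fixed CVE-2022-23852 and CVE-2022-23990.

Added example; not code from the article or from IBM.
"""
import re
import pyexpat

# Expat 2.4.4 is the first release containing the fixes for both CVEs
# (per the libexpat changelog).
FIXED_VERSION = (2, 4, 4)
CVES = ("CVE-2022-23852", "CVE-2022-23990")


def parse_expat_version(version_string):
    """Turn a string such as 'expat_2.4.1' into a comparable tuple (2, 4, 1).

    Raises ValueError if no dotted three-part version number is present.
    """
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", version_string)
    if not match:
        raise ValueError(f"unrecognised Expat version string: {version_string!r}")
    return tuple(int(part) for part in match.groups())


def is_vulnerable(version_string, fixed=FIXED_VERSION):
    """Return True if the given Expat version predates the fixed release."""
    return parse_expat_version(version_string) < fixed


def report(version_string=None):
    """Build a one-line finding for the given (or the running) Expat version."""
    if version_string is None:
        version_string = pyexpat.EXPAT_VERSION  # e.g. 'expat_2.4.7'
    version = parse_expat_version(version_string)
    cve_list = ", ".join(CVES)
    if is_vulnerable(version_string):
        status = f"AFFECTED by {cve_list} (update Expat to 2.4.4 or later)"
    else:
        status = f"not affected by {cve_list}"
    return f"Expat {'.'.join(map(str, version))}: {status}"


if __name__ == "__main__":
    # Check the interpreter this script runs under.
    print(report())
```

Run it under each Python interpreter in an environment to get an inventory line per host; for software that ships its own Expat (as the IBM products above do), the same comparison applies to the version string reported by that product's bundled library rather than to Python's.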

In addition, attackers could target other vulnerabilities in Rational ClearCase and likewise execute malicious code or crash systems. Most of these vulnerabilities are classified with the threat level “high”.

Attacks on App Connect Enterprise, Integration Bus, Java Runtime, Maximo Application Suite, Maximo Asset Management, Maximo Manage, QRadar SIEM and Rational ClearQuest are also possible. Successful attacks can lead to crashes (DoS) or to malicious code being placed on systems. Bypassing security mechanisms is also conceivable.

List sorted by threat level in descending order:

  • Multiple Vulnerabilities in Expat component shipped with IBM Rational ClearCase
  • IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities
  • Multiple Vulnerabilities in Expat component shipped with IBM Rational ClearCase
  • Multiple Vulnerabilities in Expat component shipped with IBM Rational ClearCase
  • IBM Integration Bus and IBM App Connect Enterprise are vulnerable to a denial of service due to jackson-databind
  • Vulnerabilities in OpenSSL affect IBM Rational ClearQuest
  • Vulnerability in libcURL affects IBM Rational ClearCase
  • OpenSSL as used by IBM QRadar SIEM is vulnerable to denial of service
  • IBM QRadar SIEM is vulnerable to local privilege escalation
  • Vulnerability in OpenSSL affects IBM Rational ClearCase
  • Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearCase
  • IBM Maximo Asset Management, IBM Maximo Manage in IBM Maximo Application Suite and IBM Maximo Manage in IBM Maximo Application Suite as a Service may be affected by XML External Entity (XXE) attacks
  • Apache Commons Email as used by IBM QRadar SIEM is vulnerable to information disclosure
  • Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearQuest
  • Multiple vulnerabilities in the IBM Java Runtime affect IBM Rational ClearQuest

Brian Adam