Request a Demo
Rewterz
New BugSleep Backdoor Leveraged by MuddyWater APT in Middle East Cyberattacks – Active IOCs
July 18, 2024
Rewterz
AsyncRAT – Active IOCs
July 18, 2024

Multiple IBM Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-39731 CVSS:5.9

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information

CVE-2024-39736 CVSS:6.5

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.

CVE-2024-39732 CVSS:4.1

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 temporarily stores data from different environments that could be obtained by a malicious user.

CVE-2024-39740 CVSS:4.3

IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system.

CVE-2024-40690 CVSS:5.4

IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVE-2023-33859 CVSS:5.3

IBM Security QRadar EDR 3.12 could disclose sensitive information due to an observable login response discrepancy.

CVE-2024-25023 CVSS:6.2

IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 stores potentially sensitive information in log files that could be read by a local user.

CVE-2023-35006 CVSS:5.4

IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

CVE-2023-33860 CVSS:4

IBM Security QRadar EDR 3.12 allows web pages to be stored locally which can be read by another user on the system.

CVE-2023-35008 CVSS:5.3

IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic

Impact

  • Data Manipulation
  • Information Disclosure
  • Cross-Site Scripting

Indicators of Compromise

CVE

  • CVE-2024-39731
  • CVE-2024-39736
  • CVE-2024-39732
  • CVE-2024-39740
  • CVE-2024-40690
  • CVE-2023-33859
  • CVE-2024-25023
  • CVE-2023-35006
  • CVE-2023-33860
  • CVE-2023-35008

Affected Vendors

IBM

Affected Products

  • IBM InfoSphere Information Server 11.7
  • IBM Cloud Pak for Security 1.10.0.0
  • IBM Cloud Pak for Security 1.10.11.0
  • IBM QRadar Suite Software 1.10.12.0
  • IBM Datacap 9.1.8
  • IBM Datacap 9.1.9
  • IBM Datacap 9.1.5
  • IBM Datacap 9.1.6.
  • IBM Security QRadar EDR 3.12
  • IBM QRadar Suite Software 1.10.22.0

Remediation

Refer to IBM Security Advisory for patch, upgrade or suggested workaround information.

CVE-2024-39731

CVE-2024-39736

CVE-2024-39732

CVE-2024-39740

CVE-2024-40690

CVE-2023-33859

CVE-2024-25023

CVE-2023-35006

CVE-2023-33860

CVE-2023-35008