June 4, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
New BugSleep Backdoor Leveraged by MuddyWater APT in Middle East Cyberattacks – Active IOCs
July 18, 2024
AsyncRAT – Active IOCs
July 18, 2024
New BugSleep Backdoor Leveraged by MuddyWater APT in Middle East Cyberattacks – Active IOCs
July 18, 2024
AsyncRAT – Active IOCs
July 18, 2024
Severity
Medium
Analysis Summary
CVE-2024-39731 CVSS:5.9
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information
CVE-2024-39736 CVSS:6.5
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
CVE-2024-39732 CVSS:4.1
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 temporarily stores data from different environments that could be obtained by a malicious user.
CVE-2024-39740 CVSS:4.3
IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 displays version information in HTTP requests that could allow an attacker to gather information for future attacks against the system.
CVE-2024-40690 CVSS:5.4
IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2023-33859 CVSS:5.3
IBM Security QRadar EDR 3.12 could disclose sensitive information due to an observable login response discrepancy.
CVE-2024-25023 CVSS:6.2
IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 stores potentially sensitive information in log files that could be read by a local user.
CVE-2023-35006 CVSS:5.4
IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
CVE-2023-33860 CVSS:4
IBM Security QRadar EDR 3.12 allows web pages to be stored locally which can be read by another user on the system.
CVE-2023-35008 CVSS:5.3
IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic
Impact
- Data Manipulation
- Information Disclosure
- Cross-Site Scripting
Indicators of Compromise
CVE
- CVE-2024-39731
- CVE-2024-39736
- CVE-2024-39732
- CVE-2024-39740
- CVE-2024-40690
- CVE-2023-33859
- CVE-2024-25023
- CVE-2023-35006
- CVE-2023-33860
- CVE-2023-35008
Affected Vendors
IBM
Affected Products
- IBM InfoSphere Information Server 11.7
- IBM Cloud Pak for Security 1.10.0.0
- IBM Cloud Pak for Security 1.10.11.0
- IBM QRadar Suite Software 1.10.12.0
- IBM Datacap 9.1.8
- IBM Datacap 9.1.9
- IBM Datacap 9.1.5
- IBM Datacap 9.1.6.
- IBM Security QRadar EDR 3.12
- IBM QRadar Suite Software 1.10.22.0
Remediation
Refer to IBM Security Advisory for patch, upgrade or suggested workaround information.
