A huge collection of 3400+ free website templates JAR theme com WP themes and more at the biggest community-driven free web design site
Home / security-advisories / Critical vulnerabilities affecting IBM Sterling B2B Integrator, IBM QRadar SIEM and IBM Disconnected Log Collector (CVE-2022-42920, CVE-2023-51385 and CVE-2023-39410)

Critical vulnerabilities affecting IBM Sterling B2B Integrator, IBM QRadar SIEM and IBM Disconnected Log Collector (CVE-2022-42920, CVE-2023-51385 and CVE-2023-39410)

Advisory No: TZCERT/SA/2024/04/12-2

Date of First Release: 12th April 2024

Source: IBM

Software Affected: IBM Sterling B2B Integrator, IBM QRadar SIEM and IBM Disconnected Log Collector

Overview:

IBM products are affected by the critical arbitrary command execution. The vulnerabilities may allow an attacker to remote codes on the affected system.

Description:

IBM QRadar SIEM and IBM Disconnected Log Collector running OpenSSH and Apache Avro Java SDK respectively are affected with critical arbitrary code execution vulnerabilities. Also, the IBM Sterling B2B Integrator running Apache Commons BCEL is affected by the out-of-bounds write vulnerability. All these vulnerabilities may be exploited by the attacker using the specially-crafted request to gain control of the affected systems.

Impact:

Successful exploitation of these vulnerabilities may allow the attacker to take control of the affected system.

Solution:

IBM has released security patches for these vulnerabilities. Users and administrators are encouraged to apply necessary updates.

References:

  1. https://www.ibm.com/support/pages/node/7148158
  2. https://www.ibm.com/support/pages/node/7148094
  3. https://www.ibm.com/support/pages/node/7148147

Check Also

Remote Code Execution Vulnerabilities in IBM Operational Decision Manager, and IBM i Modernization Engine for Lifecycle Integration (CVE-2019-19919, CVE-2019-12384)

Advisory No: TZCERT/SA/2024/05/17-6 Date of First Release: 17th May 2024 Source: IBM Software Affected: IBM …