CVE-2021-29755

Опубликовано: 20 июл. 2022

Источник: nvd

CVSS3: 5.9

CVSS3: 7.5

EPSS Низкий

Описание

IBM QRadar SIEM 7.3, 7.4, and 7.5 does not preform proper certificate validation for some inter-host communications. IBM X-Force ID: 202015.

Ссылки

https://exchange.xforce.ibmcloud.com/vulnerabilities/202015
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/6605431
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/202015
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/6605431
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:*:*:*:*:*:*:*:*

Версия от 7.3.0 (включая) до 7.3.3 (исключая)

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:*:*:*:*:*:*:*:*

Версия от 7.4.0 (включая) до 7.4.3 (исключая)

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:-:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_1:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_10:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_11:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_2:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_3:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_4:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_5:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_6:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_7:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_8:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_9:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.3:-:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.3:fix_pack_1:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.3:fix_pack_2:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.3:fix_pack_3:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.3:fix_pack_4:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

EPSS

Процентиль: 27%

0.00095

Низкий

5.9 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-295

Связанные уязвимости

GHSA-mv8m-2w22-fqhx

CVSS3: 7.5

github

больше 3 лет назад

IBM QRadar SIEM 7.3, 7.4, and 7.5 does not preform proper certificate validation for some inter-host communications. IBM X-Force ID: 202015.

EPSS

Процентиль: 27%

0.00095

Низкий

5.9 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-295