CVE-2021-38647 OMIGOD flaw impacts IBM QRadar Azure (Security Affairs)

Experts warn that the CVE-2021-38647 OMIGOD flaw affects IBM QRadar Azure and could be exploited by remote attackers to execute arbitrary code.

The Open Management Infrastructure RPM package in the IBM QRadar Azure marketplace images is affected by a remote code execution vulnerability tracked as CVE-2021-38647.

CVE-2021-38647 is one of the four vulnerabilities in the Open Management Infrastructure (OMI) software, collectively tracked as OMIGOD, that were first reported by Wiz’s research team. Microsoft fixed the flaw with the release of the September 2021 Patch Tuesday security updates.

OMI is an open-source project written in C that allows users to manage configurations across environments. It is used in various Azure services, including Azure Automation and Azure Insights.

The most severe flaw is a remote code execution flaw tracked as CVE-2021-38647; it received a CVSS score of 9.8.

In the case of IBM QRadar Azure, a remote attacker can exploit the vulnerability to execute arbitrary code on vulnerable installs.

“IBM QRadar Azure marketplace images include the Open Management Infrastructure RPM which is vulnerable to CVE-2021-38647. Though we don’t expose the affected port, we advise updating out of an abundance of caution,” reads the advisory published by IBM. “Microsoft Azure Open Management Infrastructure could allow a remote attacker to execute arbitrary code on the system. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system.”

The vulnerability can be triggered by executing a specially crafted program on vulnerable systems. It impacts the following versions:

  • IBM QRadar versions 7.3.0 to 7.3.3 Patch 9
  • IBM QRadar versions 7.4.0 to 7.4.3 Patch 2

A remote, unauthenticated attacker could exploit the vulnerability by sending a specially crafted message via HTTPS to a port on which OMI is listening on a vulnerable system.
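A defender-side check for the two conditions described above, the installed OMI RPM and an OMI listener reachable from the network, as an added example that is not part of the original article or IBM's advisory. It parses the output of `rpm -q omi` and `ss -ltnp` (run as root so process names are shown); the fixed version passed in and all sample lines are constructed placeholders, and the fixed release must be taken from the vendor advisory.

```python
import re

OMI_PROCS = ("omiengine", "omiserver")  # OMI daemon process names
LOOPBACK = ("127.", "[::1]")

def parse_omi_version(rpm_line):
    """Return (major, minor, patch, release) from `rpm -q omi` output, or None."""
    m = re.match(r"omi-(\d+)\.(\d+)\.(\d+)-(\d+)", rpm_line.strip())
    return tuple(int(g) for g in m.groups()) if m else None

def needs_update(rpm_line, fixed):
    """True when OMI is installed and older than `fixed` (from the vendor advisory)."""
    installed = parse_omi_version(rpm_line)
    return installed is not None and installed < fixed

def exposed_listeners(ss_output):
    """Local addresses where an OMI process listens on a non-loopback interface."""
    hits = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "LISTEN":
            continue  # header line, or no process column (ss not run as root)
        if not any(f'"{p}"' in fields[-1] for p in OMI_PROCS):
            continue
        if not fields[3].startswith(LOOPBACK):
            hits.append(fields[3])
    return hits

# Constructed sample inputs (not captured from a real host).
SAMPLE_RPM = "omi-1.2.3-4.x86_64"
PLACEHOLDER_FIXED = (2, 0, 0, 1)  # placeholder: replace with the advisory's fixed release
SAMPLE_SS = """State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=801,fd=3))
LISTEN 0      15     0.0.0.0:5986       0.0.0.0:*         users:(("omiengine",pid=1412,fd=9))
LISTEN 0      15     127.0.0.1:1270     0.0.0.0:*         users:(("omiengine",pid=1412,fd=10))
"""

if __name__ == "__main__":
    print("update needed:", needs_update(SAMPLE_RPM, PLACEHOLDER_FIXED))
    print("non-loopback OMI listeners:", exposed_listeners(SAMPLE_SS))
```

A host that reports both an outdated package and a non-loopback listener is the priority for patching; an outdated package with no exposed listener still warrants the update IBM advises.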

Pierluigi Paganini

(SecurityAffairs – hacking, IBM QRadar Azure)
