CVE-2019-4545 : What You Need to Know
Learn about CVE-2019-4545 affecting IBM QRadar SIEM versions 7.3 and 7.4. Discover the impact, technical details, and mitigation steps for this spoofing vulnerability.
IBM QRadar SIEM versions 7.3 and 7.4 are vulnerable to spoofing attacks when Active Directory Authentication is enabled.
Understanding CVE-2019-4545
This CVE involves a potential vulnerability in IBM QRadar SIEM versions 7.3 and 7.4 that could be exploited for spoofing attacks.
What is CVE-2019-4545?
- The vulnerability allows for spoofing attacks when Active Directory Authentication is enabled in IBM QRadar SIEM versions 7.3 and 7.4.
- Identified and classified as IBM X-Force ID: 165877.
The Impact of CVE-2019-4545
- CVSS Score: 7.5 (High)
- Attack Vector: Adjacent Network
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
- Exploit Code Maturity: Unproven
- Privileges Required: None
- User Interaction: None
- Remediation Level: Official Fix
- Report Confidence: Confirmed
Technical Details of CVE-2019-4545
Vulnerability Description
- Spoofing vulnerability in IBM QRadar SIEM versions 7.3 and 7.4 with Active Directory Authentication.
Affected Systems and Versions
- Affected Versions: 7.3.0, 7.3.3.Patch.4, 7.4.0, 7.4.1
Exploitation Mechanism
- Attack Complexity: High
- Scope: Unchanged
- Vector String: CVSS:3.0/AC:H/A:H/UI:N/I:H/PR:N/C:H/S:U/AV:A/RL:O/E:U/RC:C
Mitigation and Prevention
Immediate Steps to Take
- Disable Active Directory Authentication if not essential.
- Apply official fixes provided by IBM.
Long-Term Security Practices
- Regularly update and patch IBM QRadar SIEM.
- Monitor IBM Security Bulletins for any new vulnerabilities.
Patching and Updates
- Apply the latest patches and updates from IBM to mitigate the vulnerability.