IBM reports multiple security vulnerabilities affecting QRadar SIEM Log Source Management App
Take action: If you are using the Log Source Management App for QRadar SIEM, it is time to update NOW. The number of reported flaws in a single advisory for a single product is insane. Don't try to "manage risks"; this one is an obvious candidate for immediate patching.
Learn More
IBM is reporting multiple security vulnerabilities affecting the Log Source Management App for QRadar SIEM.
The vulnerabilities affect all versions of QRadar Log Source Management App from 1.0.0 through 7.0.10. IBM has released version 7.0.11 to address these security issues. Currently, there are no reports of active exploitation of these vulnerabilities in the wild.
The most critical vulnerabilities are:
- CVE-2024-47875 (CVSS score 10.0) - Critical severity DOMPurify vulnerability allowing nesting-based mXSS attacks that could lead to remote code execution
- CVE-2024-48949 (CVSS score 8.2) - High severity cryptographic signature verification bypass in Elliptic package
- CVE-2024-52798 (CVSS score 7.7) - High severity regular expression complexity issue in path-to-regexp leading to denial of service
- CVE-2024-45590 (CVSS score 7.5) - High severity denial of service vulnerability in expressjs body-parser
- CVE-2024-21538 (CVSS score 7.5) - High severity ReDoS vulnerability in cross-spawn package
- CVE-2024-48948 (CVSS score 7.5) - High severity cryptographic signature verification issue in Elliptic package
- CVE-2024-37890 (CVSS score 7.5) - High severity NULL pointer dereference in Node.js ws module
- CVE-2024-45296 (CVSS score 7.5) - High severity ReDoS vulnerability in Path-to-RegExp
- CVE-2024-21536 (CVSS score 7.5) - High severity denial of service vulnerability in http-proxy-middleware
Multiple other medium and low severity vulnerabilities were also addressed in this update, primarily related to cross-site scripting, cryptographic verification issues, and denial of service conditions.
IBM strongly recommends customers update to version 7.0.11 of the Log Source Management App. There are no workarounds or alternative mitigations available for these vulnerabilities.
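A small triage helper, added here as an example and not part of IBM's advisory or tooling, that checks recorded app versions against the affected range 1.0.0 through 7.0.10 and the fixed release 7.0.11 quoted above. It compares versions numerically rather than as strings (a plain string compare ranks "7.0.9" above "7.0.10" and would miss it); the host inventory is constructed sample data.

```python
from typing import Iterable

# Version boundaries quoted in the IBM advisory for the
# QRadar Log Source Management App.
AFFECTED_MIN = "1.0.0"
AFFECTED_MAX = "7.0.10"
FIXED_VERSION = "7.0.11"

def parse_version(version: str) -> tuple[int, ...]:
    """Turn '7.0.10' into (7, 0, 10) so versions compare numerically.

    Plain string comparison would wrongly rank '7.0.9' above '7.0.10'.
    """
    parts = version.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {version!r}")
    nums = tuple(int(p) for p in parts)
    # Pad to three components so '7.0' compares as (7, 0, 0).
    return nums + (0,) * max(0, 3 - len(nums))

def is_affected(version: str) -> bool:
    """True when the version is inside the affected range (inclusive)."""
    v = parse_version(version)
    return parse_version(AFFECTED_MIN) <= v <= parse_version(AFFECTED_MAX)

def triage(inventory: Iterable[tuple[str, str]]) -> list[tuple[str, str, str]]:
    """Map each (host, version) pair to (host, version, verdict)."""
    results = []
    for host, version in inventory:
        try:
            verdict = f"update to {FIXED_VERSION}" if is_affected(version) else "ok"
        except ValueError:
            verdict = "unparseable"  # version field missing or malformed
        results.append((host, version, verdict))
    return results

# Constructed sample inventory; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("qradar-console-01", "7.0.10"),  # last affected release
    ("qradar-console-02", "7.0.9"),   # string compare would miss this
    ("qradar-console-03", "7.0.11"),  # fixed release
    ("qradar-console-04", "n/a"),     # malformed record
]

if __name__ == "__main__":
    for host, version, verdict in triage(SAMPLE_INVENTORY):
        print(f"{host:<20} {version:<8} {verdict}")
```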