cnvd - cnvd-2022-08202

CNVD-2022-08202

Vulnerability from cnvd - Published: 2022-02-03

Title

IBM Security SOAR信息泄露漏洞（CNVD-2022-08202）

Description

IBM Security SOAR是美国IBM公司的一款产品，前身为 Resilient。旨在帮助您的安全团队自信地应对网络威胁、通过智能实现自动化并通过一致性进行协作。 IBM Security SOAR中存在信息泄露漏洞，该漏洞源于产品未能正确启用HTTP Strict Transport Security功能。攻击者可利用该漏洞利用中间人技术获取敏感信息。

Severity

中

Patch Name

IBM Security SOAR信息泄露漏洞（CNVD-2022-08202）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.ibm.com/support/pages/node/6541974

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-29785

Impacted products

Name
IBM SOAR >=42.0.7058，<43.1.49

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-29785",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-29785"
    }
  },
  "description": "IBM Security SOAR\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u6b3e\u4ea7\u54c1\uff0c\u524d\u8eab\u4e3a Resilient\u3002\u65e8\u5728\u5e2e\u52a9\u60a8\u7684\u5b89\u5168\u56e2\u961f\u81ea\u4fe1\u5730\u5e94\u5bf9\u7f51\u7edc\u5a01\u80c1\u3001\u901a\u8fc7\u667a\u80fd\u5b9e\u73b0\u81ea\u52a8\u5316\u5e76\u901a\u8fc7\u4e00\u81f4\u6027\u8fdb\u884c\u534f\u4f5c\u3002\n\nIBM Security SOAR\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4ea7\u54c1\u672a\u80fd\u6b63\u786e\u542f\u7528HTTP Strict Transport Security\u529f\u80fd\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5229\u7528\u4e2d\u95f4\u4eba\u6280\u672f\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.ibm.com/support/pages/node/6541974",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-08202",
  "openTime": "2022-02-03",
  "patchDescription": "IBM Security SOAR\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u6b3e\u4ea7\u54c1\uff0c\u524d\u8eab\u4e3a Resilient\u3002\u65e8\u5728\u5e2e\u52a9\u60a8\u7684\u5b89\u5168\u56e2\u961f\u81ea\u4fe1\u5730\u5e94\u5bf9\u7f51\u7edc\u5a01\u80c1\u3001\u901a\u8fc7\u667a\u80fd\u5b9e\u73b0\u81ea\u52a8\u5316\u5e76\u901a\u8fc7\u4e00\u81f4\u6027\u8fdb\u884c\u534f\u4f5c\u3002\r\n\r\nIBM Security SOAR\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u4ea7\u54c1\u672a\u80fd\u6b63\u786e\u542f\u7528HTTP Strict Transport Security\u529f\u80fd\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5229\u7528\u4e2d\u95f4\u4eba\u6280\u672f\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM Security SOAR\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2022-08202\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "IBM SOAR \u003e=42.0.7058\uff0c\u003c43.1.49"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-29785",
  "serverity": "\u4e2d",
  "submitTime": "2022-01-23",
  "title": "IBM Security SOAR\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2022-08202\uff09"
}

CVE-2021-29785 (GCVE-0-2021-29785)

Vulnerability from cvelistv5 – Published: 2022-01-20 19:40 – Updated: 2024-09-17 04:14

Summary

IBM Security SOAR V42 and V43could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 203169.

Severity ?

5.9 (Medium)


                        
                          CVSS:3.0/S:U/C:H/A:N/UI:N/AC:H/AV:N/I:N/PR:N/RL:O/RC:C/E:U

CWE

Obtain Information

Assigner

ibm

References

URL

Tags

	https://www.ibm.com/support/pages/node/6541974	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Impacted products

	Vendor	Product	Version
	IBM	Security SOAR	Affected: 42 Affected: 43

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:18:03.167Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6541974"
          },
          {
            "name": "ibm-resilient-cve202129785-info-disc (203169)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203169"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Security SOAR",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "42"
            },
            {
              "status": "affected",
              "version": "43"
            }
          ]
        }
      ],
      "datePublic": "2022-01-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Security SOAR V42 and V43could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 203169."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 5.2,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/S:U/C:H/A:N/UI:N/AC:H/AV:N/I:N/PR:N/RL:O/RC:C/E:U",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-20T19:40:12",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6541974"
        },
        {
          "name": "ibm-resilient-cve202129785-info-disc (203169)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203169"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2022-01-19T00:00:00",
          "ID": "CVE-2021-29785",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Security SOAR",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "42"
                          },
                          {
                            "version_value": "43"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Security SOAR V42 and V43could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 203169."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "H",
              "AV": "N",
              "C": "H",
              "I": "N",
              "PR": "N",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6541974",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6541974 (Security SOAR)",
              "url": "https://www.ibm.com/support/pages/node/6541974"
            },
            {
              "name": "ibm-resilient-cve202129785-info-disc (203169)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/203169"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-29785",
    "datePublished": "2022-01-20T19:40:12.352912Z",
    "dateReserved": "2021-03-31T00:00:00",
    "dateUpdated": "2024-09-17T04:14:56.968Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2022-08202

CVE-2021-29785 (GCVE-0-2021-29785)

Tags

Sightings

Nomenclature