IBM QRadar SIEM: Autoupdate files can be infected with malicious code

IBM's IT security solution QRadar SIEM is vulnerable. An update closes several vulnerabilities.


Attackers can exploit several vulnerabilities in IBM QRadar SIEM and, in the worst case, execute malicious code. A security patch closes several gaps.

As the developers state in a warning message, versions 7.5 up to and including 7.5.0 UP12 IF01 are vulnerable. The most dangerous flaw is a “critical” vulnerability (CVE-2025-33117/no EUVD) in the auto-update function. Attackers with unspecified user rights can supply a prepared auto-update file, use it to execute their own commands, and compromise systems. In addition, in two cases (CVE-2025-36050, risk “medium”; CVE-2025-33121, “high”) data can be accessed without authorization. The details of how such attacks could take place are currently unknown.

A second warning message indicates that other components are also at risk. For example, processing a manipulated XML document can lead to memory errors and ultimately to crashes (CVE-2024-8176, “high”). In addition, attackers can slip files containing malicious code to victims in a context that is otherwise trustworthy (CVE-2024-12087, “medium”).

IBM QRadar 7.5.0 UP12 IF02 is protected against the attacks described. So far, there are no indications of attacks. IBM's developers do not currently specify how admins can recognize instances that have already been successfully attacked. Admins should not delay installing the update.


Most recently, there were important security updates for IBM AIX/VIOS and DataPower Gateway. Malicious code attacks are conceivable there as well. Security updates are also available for download for these products.

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.