The Open Management Infrastructure RPM package in the IBM QRadar Azure marketplace images is affected by a remote code execution vulnerability tracked as CVE-2021-38647.
CVE-2021-38647 is one of the four vulnerabilities in the Open Management Infrastructure (OMI) software, collectively tracked as OMIGOD, that were first reported by Wiz’s research team. Microsoft fixed the flaw with the release of September 2021 Patch Tuesday security updates.
OMI is an open-source project written in C that allows users to manage configurations across environments, it is used in various Azure services, including Azure Automation, Azure Insights.
The most severe flaw is a remote code execution flaw tracked as CVE-2021-38647, it received a CVSS score of 9.8.
In the case of IBM QRadar Azure, a remote attacker can exploit the vulnerability to execute arbitrary code on vulnerable installs.
“IBM QRadar Azure marketplace images include the Open Management Infrastructure RPM which is vulnerable to CVE-2021-38647. Although we do not expose the affected port, we suggest updating out of an abundance of caution.” reads the advisory published by IBM. “Microsoft Azure Open Management Infrastructure could allow a remote attacker to execute arbitrary code on the system. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system.”
The vulnerability can be triggered by executing a specially crafted program on vulnerable systems, it affects the following versions:
A remote, unauthenticated attacker could exploit the vulnerability by sending a specially crafted message via HTTPS to port listening to OMI on a vulnerable system.
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, IBM QRadar Azure)
[adrotate banner=”5″]
[adrotate banner=”13″]
The MITRE Corporation revealed that a nation-state actor compromised its systems in January 2024 by…
China-linked threat actors are preparing cyber attacks against U.S. critical infrastructure warned FBI Director Christopher…
The United Nations Development Programme (UNDP) has initiated an investigation into an alleged ransomware attack…
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
This website uses cookies.