CVE-2021-38647 OMIGOD flaw impacts IBM QRadar Azure

Experts warn that CVE-2021-38647 OMIGOD flaws affect IBM QRadar Azure and can be exploited by remote attackers to execute arbitrary code.

The Open Management Infrastructure RPM package in the IBM QRadar Azure marketplace images is affected by a remote code execution vulnerability tracked as CVE-2021-38647.

CVE-2021-38647 is one of the four vulnerabilities in the Open Management Infrastructure (OMI) software, collectively tracked as OMIGOD, that were first reported by Wiz’s research team. Microsoft fixed the flaw with the release of September 2021 Patch Tuesday security updates.

OMI is an open-source project written in C that allows users to manage configurations across environments, it is used in various Azure services, including Azure Automation, Azure Insights.

The most severe flaw is a remote code execution flaw tracked as CVE-2021-38647, it received a CVSS score of 9.8.

In the case of IBM QRadar Azure, a remote attacker can exploit the vulnerability to execute arbitrary code on vulnerable installs.

“IBM QRadar Azure marketplace images include the Open Management Infrastructure RPM which is vulnerable to CVE-2021-38647. Although we do not expose the affected port, we suggest updating out of an abundance of caution.” reads the advisory published by IBM. “Microsoft Azure Open Management Infrastructure could allow a remote attacker to execute arbitrary code on the system. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system.”

The vulnerability can be triggered by executing a specially crafted program on vulnerable systems, it affects the following versions:

IBM QRadar versions 7.3.0 to 7.3.3 Patch 9
IBM QRadar versions 7.4.0 to 7.4.3 Patch 2

A remote, unauthenticated attacker could exploit the vulnerability by sending a specially crafted message via HTTPS to port listening to OMI on a vulnerable system.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, IBM QRadar Azure)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.