Remote Code Execution – IBM QRadar / Robin Weser Fast Loops (CVE-2024-39008). On August 14, a security bulletin for QRadar Suite Software and IBM Cloud Pak for Security was published on the IBM website. It lists fixed vulnerabilities in IBM QRadar itself and in its open source components: Node.js, Jinja, kjd/idna, robinweser/fast-loops. The vulnerability in the last of these is the most interesting.
🔻 robinweser/fast-loops is a set of compact utilities for faster work with JavaScript arrays and objects. It is not a very popular project, with only 25 stars and 3 forks on GitHub.
🔻 CVE-2024-39008 is a prototype pollution in the objectMergeDeep function of fast-loops: when the function deep-merges attacker-controlled input (for example a parsed JSON request body carrying a "__proto__" key), the injected properties land on Object.prototype and are inherited by every object in the process. Depending on what the application later does with those properties, this can cause a DoS or, potentially, RCE. Technical details and a PoC are public.
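To show the bug class concretely, here is an added example, written for this post and not taken from fast-loops or from IBM: a minimal deep-merge with the classic prototype-pollution mistake, beside a hardened version. The function names, the `PAYLOAD` string and the `polluted` marker property are all made up for the illustration; the payload shape is the generic one an attacker would put in a JSON request body.

```javascript
// Added example, not fast-loops' own code. Names and payload are constructed.

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Vulnerable pattern: recurse into every key of `source`, including "__proto__".
// JSON.parse('{"__proto__": {...}}') yields an own, enumerable property named
// __proto__, and target["__proto__"] resolves to Object.prototype, so the
// recursion writes straight into the prototype shared by all objects.
function mergeDeepVulnerable(target, source) {
  for (const key in source) {
    if (isPlainObject(source[key])) {
      if (!isPlainObject(target[key])) target[key] = {};
      mergeDeepVulnerable(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened version: refuse the keys that reach a prototype, walk only own
// keys of the source, and only descend into own plain-object keys of the target.
const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function mergeDeepSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (UNSAFE_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      const ownPlain = Object.prototype.hasOwnProperty.call(target, key) &&
        isPlainObject(target[key]);
      if (!ownPlain) target[key] = {};
      mergeDeepSafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed attacker payload, as it would arrive in a JSON request body.
const PAYLOAD = '{"name": "report", "__proto__": {"polluted": "yes"}}';

// Runs one merge implementation against the payload and reports whether an
// unrelated object created afterwards inherited the injected property.
function demonstrate(merge) {
  const config = merge({}, JSON.parse(PAYLOAD));
  const victim = {};                  // has nothing to do with `config`
  const leaked = victim.polluted;     // 'yes' only if Object.prototype was written
  delete Object.prototype.polluted;   // undo the pollution so the process stays usable
  return { name: config.name, leaked };
}

console.log('vulnerable:', demonstrate(mergeDeepVulnerable)); // leaked: 'yes'
console.log('hardened:  ', demonstrate(mergeDeepSafe));       // leaked: undefined
```

Whether such a pollution becomes a DoS or an RCE depends on what else runs in the process: overwriting an inherited property that library code reads (a `toString`, an options flag, a template or shell-spawn setting) is what turns a polluted prototype into a crash or into a code-execution gadget, which is why the advisory wording covers both outcomes.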
OK, the open source component is vulnerable. But how would one exploit this vulnerability through QRadar itself? That is still unknown. 🤷♂️ Still, it is better not to wait for the details to appear and to update QRadar in advance. 😉
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
And I invite all Russian speakers to one more Telegram channel, @avleonovrus; that is where I now post first.