The Open Management Infrastructure RPM package in the IBM QRadar Azure marketplace images is affected by a remote code execution vulnerability tracked as CVE-2021-38647.
CVE-2021-38647 is one of the four vulnerabilities in the Open Management Infrastructure (OMI) software, collectively tracked as OMIGOD, that were first reported by Wiz’s research team. Microsoft fixed the flaw with the release of September 2021 Patch Tuesday security updates.
OMI is an open-source project written in C that allows users to manage configurations across environments, it is used in various Azure services, including Azure Automation, Azure Insights.
The most severe flaw is a remote code execution flaw tracked as CVE-2021-38647, it received a CVSS score of 9.8.
In the case of IBM QRadar Azure, a remote attacker can exploit the vulnerability to execute arbitrary code on vulnerable installs.
“IBM QRadar Azure marketplace images include the Open Management Infrastructure RPM which is vulnerable to CVE-2021-38647. Although we do not expose the affected port, we suggest updating out of an abundance of caution.” reads the advisory published by IBM. “Microsoft Azure Open Management Infrastructure could allow a remote attacker to execute arbitrary code on the system. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system.”
The vulnerability can be triggered by executing a specially crafted program on vulnerable systems, it affects the following versions:
A remote, unauthenticated attacker could exploit the vulnerability by sending a specially crafted message via HTTPS to port listening to OMI on a vulnerable system.
(SecurityAffairs – hacking, IBM QRadar Azure)