What is CVE-2021-29755?

CVE-2021-29755 is a vulnerability that affects IBM QRadar SIEM 7.3, 7.4, and 7.5. It allows for improper certificate validation for some inter-host communications.

What is the severity of CVE-2021-29755?

The severity of CVE-2021-29755 is high, with a severity value of 7.5.

Which versions of IBM QRadar SIEM are affected by CVE-2021-29755?

IBM QRadar SIEM versions 7.3, 7.4, and 7.5 are affected by CVE-2021-29755.

How does CVE-2021-29755 impact IBM QRadar SIEM?

CVE-2021-29755 allows for improper certificate validation in some inter-host communications within IBM QRadar SIEM.

How can I fix CVE-2021-29755?

To fix CVE-2021-29755, update to the appropriate fix pack or update pack for your version of IBM QRadar SIEM.

Vulnerability/
CVE-2021-29755

high

7.5

CWE

295

18/7/2022

20/7/2022

17/9/2024

CVE-2021-29755

First published: Mon Jul 18 2022(Updated: )

IBM QRadar SIEM 7.3, 7.4, and 7.5 does not preform proper certificate validation for some inter-host communications. IBM X-Force ID: 202015.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM QRadar Security Information and Event Manager	>=7.3.0<7.3.3
IBM QRadar Security Information and Event Manager	>=7.4.0<7.4.3
IBM QRadar Security Information and Event Manager	=7.3.3
IBM QRadar Security Information and Event Manager	=7.3.3-fix_pack_1
IBM QRadar Security Information and Event Manager	=7.3.3-fix_pack_10
IBM QRadar Security Information and Event Manager	=7.3.3-fix_pack_11
IBM QRadar Security Information and Event Manager	=7.3.3-fix_pack_2
IBM QRadar Security Information and Event Manager	=7.3.3-fix_pack_3
IBM QRadar Security Information and Event Manager	=7.3.3-fix_pack_4
IBM QRadar Security Information and Event Manager	=7.3.3-fix_pack_5
IBM QRadar Security Information and Event Manager	=7.3.3-fix_pack_6
IBM QRadar Security Information and Event Manager	=7.3.3-fix_pack_7
IBM QRadar Security Information and Event Manager	=7.3.3-fix_pack_8
IBM QRadar Security Information and Event Manager	=7.3.3-fix_pack_9
IBM QRadar Security Information and Event Manager	=7.4.3
IBM QRadar Security Information and Event Manager	=7.4.3-fix_pack_1
IBM QRadar Security Information and Event Manager	=7.4.3-fix_pack_2
IBM QRadar Security Information and Event Manager	=7.4.3-fix_pack_3
IBM QRadar Security Information and Event Manager	=7.4.3-fix_pack_4
IBM QRadar Security Information and Event Manager	=7.5.0
IBM QRadar Security Information and Event Manager	=7.5.0-update_pack_1
Linux Linux kernel
	<=7.3.0 - 7.3.3 Fix Pack 11
	<=7.4.0 - 7.4.3 Fix Pack 5
	<=7.5.0 - 7.5.0 Update Pack 1

Remedy

https://www.ibm.com/support/pages/node/6605431

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6605431

Frequently Asked Questions

What is CVE-2021-29755?
CVE-2021-29755 is a vulnerability that affects IBM QRadar SIEM 7.3, 7.4, and 7.5. It allows for improper certificate validation for some inter-host communications.
What is the severity of CVE-2021-29755?
The severity of CVE-2021-29755 is high, with a severity value of 7.5.
Which versions of IBM QRadar SIEM are affected by CVE-2021-29755?
IBM QRadar SIEM versions 7.3, 7.4, and 7.5 are affected by CVE-2021-29755.
How does CVE-2021-29755 impact IBM QRadar SIEM?
CVE-2021-29755 allows for improper certificate validation in some inter-host communications within IBM QRadar SIEM.
How can I fix CVE-2021-29755?
To fix CVE-2021-29755, update to the appropriate fix pack or update pack for your version of IBM QRadar SIEM.

collector/nvd-index
agent/references
agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/weakness
agent/author
agent/last-modified-date
agent/remedy
agent/severity
agent/description
agent/softwarecombine
agent/tags
agent/event
collector/ibm-support
source/IBM
agent/software-canonical-lookup
vendor/ibm
canonical/ibm qradar security information and event manager
version/ibm qradar security information and event manager/7.3.0
version/ibm qradar security information and event manager/7.4.0
version/ibm qradar security information and event manager/7.3.3
version/ibm qradar security information and event manager/7.3.3-fix_pack_1
version/ibm qradar security information and event manager/7.3.3-fix_pack_10
version/ibm qradar security information and event manager/7.3.3-fix_pack_11
version/ibm qradar security information and event manager/7.3.3-fix_pack_2
version/ibm qradar security information and event manager/7.3.3-fix_pack_3
version/ibm qradar security information and event manager/7.3.3-fix_pack_4
version/ibm qradar security information and event manager/7.3.3-fix_pack_5
version/ibm qradar security information and event manager/7.3.3-fix_pack_6
version/ibm qradar security information and event manager/7.3.3-fix_pack_7
version/ibm qradar security information and event manager/7.3.3-fix_pack_8
version/ibm qradar security information and event manager/7.3.3-fix_pack_9
version/ibm qradar security information and event manager/7.4.3
version/ibm qradar security information and event manager/7.4.3-fix_pack_1
version/ibm qradar security information and event manager/7.4.3-fix_pack_2
version/ibm qradar security information and event manager/7.4.3-fix_pack_3
version/ibm qradar security information and event manager/7.4.3-fix_pack_4
version/ibm qradar security information and event manager/7.5.0
version/ibm qradar security information and event manager/7.5.0-update_pack_1
vendor/linux
canonical/linux linux kernel
canonical/ibm qradar siem
version/ibm qradar siem/7.3.0 - 7.3.3 fix pack 11
version/ibm qradar siem/7.4.0 - 7.4.3 fix pack 5
version/ibm qradar siem/7.5.0 - 7.5.0 update pack 1