CVE-2018-2022 — Sensitive Information Exposure in IBM Qradar Security Information AND Event Manager

CWE-200 — Sensitive Information Exposure CWE-20 — Improper Input Validation CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-22 — Path Traversal CWE-843 — Type Confusion CWE-79 — Cross-site Scripting CWE-80 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)CWE-326 — Inadequate Encryption Strength CWE-399 CWE-415 — Double Free CWE-401 — Missing Release of Memory after Effective Lifetime CWE-36 — Absolute Path Traversal CWE-285 — Improper Authorization CWE-273 — Improper Check for Dropped Privileges CWE-78 — OS Command Injection30 documents11 sources

Severity

5.3MEDIUMNVD

CISA9.8CISA9.1CISA8.8CISA8.6CISA7.8CISA7.5CISA6.6CISA6.1

EPSS

0.2%

top 62.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Qradar Security Information AND Event Manager IBM Qradar Siem

Timeline

PublishedJul 17

Latest updateJul 7

Description

IBM QRadar SIEM 7.2 and 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 155346.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDibm/qradar_security_information_and_event_manager7.2.0 — 7.2.8+2

▶CVEListV5ibm/qradar_siem7.2, 7.3+1

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-pr6v-j9rj-hrwf: IBM QRadar SIEM 7↗2022-05-24

▶

CVEList

CVE-2018-2022: IBM QRadar SIEM 7↗2019-07-17

▶

💥Exploits & PoCs

Exploit-DB

Windows 10 v21H1 - HTTP Protocol Stack Remote Code Execution↗2023-07-07

▶

📋Vendor Advisories

Oracle

Oracle Oracle Siebel CRM Risk Matrix: eDetailing (PDF Viewer) — CVE-2018-5158↗2022-10-15

▶

CISA

Apple Multiple Products Memory Corruption Vulnerability↗2022-06-27

▶

CISA

Adobe Acrobat and Reader Double Free Vulnerability↗2022-06-08

▶

CISA

QNAP NAS File Station Cross-Site Scripting Vulnerability↗2022-05-24

▶

CISA

LG N1A1 NAS Remote Command Execution Vulnerability↗2022-03-25

▶

💬Community

HackerOne

DNS rebinding in --inspect (insufficient fix of CVE-2022-32212 affecting macOS devices)↗2023-01-12

▶

HackerOne

DNS rebinding in --inspect (insufficient fix of CVE-2022-32212 affecting macOS devices)↗2022-09-28

▶