CVE-2019-4508Insufficiently Protected Credentials in IBM Qradar Security Information AND Event Manager

CWE-522Insufficiently Protected Credentials4 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 75.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Qradar Security Information AND Event ManagerIBM Qradar Siem
Timeline
PublishedJan 10
Latest updateMay 24

Description

IBM QRadar SIEM 7.3.0 through 7.3.3 uses weak credential storage in some instances which could be decrypted by a local attacker. IBM X-Force ID: 164429.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5ibm/qradar_siem7.3.0, 7.3.3+1

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-88f7-93r6-qwf6: IBM QRadar SIEM 72022-05-24
CVEList
CVE-2019-4508: IBM QRadar SIEM 72020-01-10

💬Community

1
Bugzilla
CVE-2019-20387 libsolv: out-of-bounds read in repodata_schema2id in repodata.c2020-01-31
CVE-2019-4508 — Insufficiently Protected Credentials | cvebase