CVE-2021-20393Information Exposure via Error Message in IBM Qradar User Behavior Analytics

CWE-209Information Exposure via Error Message3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 49.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Qradar User Behavior AnalyticsIBM Qradar Siem
Timeline
PublishedMay 14
Latest updateMay 24

Description

IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196001.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5ibm/qradar_siem1.0.0, 4.1.1+1

🔴Vulnerability Details

2
GHSA
GHSA-f3qg-4xjg-25jv: IBM QRadar User Behavior Analytics 12022-05-24
CVEList
CVE-2021-20393: IBM QRadar User Behavior Analytics 12021-05-14
CVE-2021-20393 — Information Exposure via Error Message | cvebase