CVE-2022-36771 — Improper Access Control in IBM Qradar User Behavior Analytics

CWE-284 — Improper Access Control CWE-668 — Resource Exposure3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 68.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Qradar User Behavior Analytics

Timeline

PublishedSep 28

Latest updateSep 29

Description

IBM QRadar User Behavior Analytics could allow an authenticated user to obtain sensitive information from that they should not have access to. IBM X-Force ID: 232791.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDibm/qradar_user_behavior_analytics< 4.1.9

▶CVEListV5ibm/qradar_user_behavior_analytics4.1.8

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-vp8w-34r2-97r4: IBM QRadar User Behavior Analytics could allow an authenticated user to obtain sensitive information from that they should not have access to↗2022-09-29

▶

CVEList

CVE-2022-36771: IBM QRadar User Behavior Analytics could allow an authenticated user to obtain sensitive information from that they should not have access to↗2022-09-28

▶