CVE-2023-43041 — Sensitive Information Exposure in IBM Qradar Siem

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

4.9MEDIUMNVD

CNA6.5

EPSS

0.0%

top 85.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Qradar Siem IBM Qradar Security Information AND Event Manager

Timeline

PublishedOct 29

Description

IBM QRadar SIEM 7.5 is vulnerable to information exposure allowing a delegated Admin tenant user with a specific domain security profile assigned to see data from other domains. This vulnerability is due to an incomplete fix for CVE-2022-34352. IBM X-Force ID: 266808.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶NVDibm/qradar_security_information_and_event_manager7.5.0

▶CVEListV5ibm/qradar_siem7.5

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

CVEList

IBM QRadar information disclosure↗2023-10-29

▶

GHSA

GHSA-p4xp-h8v8-r2cg: IBM QRadar SIEM 7↗2023-10-29

▶