CVE-2023-47731 — Cross-site Scripting in IBM Cloud PAK FOR Security

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.1%

top 82.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Cloud PAK FOR Security IBM Qradar Suite Software IBM Qradar Suite

Timeline

PublishedApr 23

Description

IBM QRadar Suite Software 1.10.12.0 through 1.10.19.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 272203.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages4 packages

▶CVEListV5ibm/qradar_suite_software1.10.12.0 — 1.10.19.0

▶NVDibm/qradar_suite1.10.12.0 — 1.10.19.0

▶CVEListV5ibm/cloud_pak_for_security1.10.0.0 — 1.10.11.0

▶NVDibm/cloud_pak1.10.0.0 — 1.10.11.0

🔴Vulnerability Details

GHSA

GHSA-x2xf-rph3-7jqp: IBM QRadar Suite Software 1↗2024-04-23

▶

CVEList

IBM QRadar Suite Software cross-site scripting↗2024-04-23

▶