CVE-2024-22336

CWE-532 — Log File Information Exposure4 documents4 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 93.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Qradar Suite IBM Cloud PAK FOR Security IBM Qradar Suite Software

Timeline

PublishedFeb 17

Latest updateDec 2

Description

IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279976.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 1.4 | Impact: 3.6

Affected Packages4 packages

▶NVDibm/qradar_suite1.10.12.0 — 1.10.18.0

▶CVEListV5ibm/qradar_suite_software1.10.12.0 — 1.10.17.0

▶CVEListV5ibm/cloud_pak_for_security1.10.0.0 — 1.10.11.0

▶NVDibm/cloud_pak1.10.0.0 — 1.10.11.0

🔴Vulnerability Details

GHSA

GHSA-5546-xcjq-x5xr: IBM QRadar Suite 1↗2024-02-17

▶

CVEList

IBM QRadar Suite information disclosure↗2024-02-17

▶

📋Vendor Advisories

Red Hat

IBM QRadar Suite: IBM Cloud Pak for Security: Sensitive Information Disclosure in IBM QRadar Suite and IBM Cloud Pak for Security↗2024-12-02

▶