CVE-2024-22355

CWE-5213 documents3 sources
Severity
5.9MEDIUM
EPSS
0.1%
top 80.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
IBM Cloud PAK FOR SecurityIBM Qradar Suite ProductsIBM Qradar Suite
Timeline
PublishedMar 3

Description

IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 280781.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages4 packages

CVEListV5ibm/qradar_suite_products1.10.12.01.10.18.0
NVDibm/qradar_suite1.10.12.01.10.18.0
CVEListV5ibm/cloud_pak_for_security1.10.0.01.10.11.0
NVDibm/cloud_pak1.10.0.01.10.11.0

🔴Vulnerability Details

2
CVEList
IBM QRadar Suite information dislosure2024-03-03
GHSA
GHSA-84x8-7rpq-3m9g: IBM QRadar Suite Products 12024-03-03
CVE-2024-22355 (MEDIUM CVSS 5.9) | IBM QRadar Suite Products 1.10.12.0 | cvebase.io