CVE-2024-28799

CWE-2143 documents3 sources
Severity
7.5HIGH
EPSS
0.1%
top 66.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
IBM Cloud PAK FOR SecurityIBM Qradar Suite SoftwareIBM Qradar Suite
Timeline
PublishedAug 14

Description

IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 displays sensitive data improperly to a local privileged user, in non default configurations, during back-end commands which may result in the unexpected disclosure of this information. IBM X-Force ID: 287173.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 1.1 | Impact: 4.0

Affected Packages4 packages

CVEListV5ibm/qradar_suite_software1.10.12.01.10.23.0
NVDibm/qradar_suite1.10.12.01.10.23.0
CVEListV5ibm/cloud_pak_for_security1.10.0.01.10.11.0
NVDibm/cloud_pak1.10.0.01.10.11.0

🔴Vulnerability Details

2
GHSA
GHSA-97p6-m24q-57p8: IBM QRadar Suite Software 12024-08-14
CVEList
IBM QRadar Suite Software information disclosure2024-08-14
CVE-2024-28799 (HIGH CVSS 7.5) | IBM QRadar Suite Software 1.10.12.0 | cvebase.io