CVE-2025-36170

Name of the Vulnerable Software and Affected Versions IBM QRadar SIEM versions 7.5 through 7.5.0 Update Pack 13 Independent Fix 02

Description IBM QRadar SIEM versions 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is susceptible to stored cross-site scripting. An authenticated user can inject arbitrary JavaScript code into the Web UI, potentially modifying the intended functionality and leading to credentials disclosure within a trusted session. The vulnerability allows for the embedding of malicious scripts that can be executed when other users access the affected interface.

Recommendations Update IBM QRadar SIEM to a version beyond 7.5.0 Update Pack 13 Independent Fix 02.