Dawid Bak

**Name of the Vulnerable Software and Affected Versions** IBM QRadar SIEM versions 7.5 through 7.5 Update Pack 13 Independent Fix 01 **Description** IBM QRadar SIEM versions 7.5 through 7.5 Update Pack 13 Independent Fix 01 may allow a local privileged user to perform unauthorized actions on configuration files due to improper permission assignment. **Recommendations** Apply appropriate permission assignments to configuration files.

Name of the Vulnerable Software and Affected Versions: IBM QRadar SIEM versions 7.5 through 7.5.0 Description: IBM QRadar SIEM Dashboard is susceptible to cross-site scripting. An authenticated user can embed arbitrary JavaScript code into the Web UI, potentially altering functionality and leading to credentials disclosure within a trusted session. Recommendations: Update to a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: IBM QRadar SIEM versions 7.5 through 7.5.0 UP13 Description: IBM QRadar SIEM versions 7.5 through 7.5.0 UP13 may allow an authenticated user to escalate their privileges. This is due to a misconfigured cronjob that executes with unnecessary privileges. Recommendations: Apply configuration changes to the cronjob to restrict its privileges to the minimum necessary for execution.

**Name of the Vulnerable Software and Affected Versions** IBM QRadar SIEM versions 7.5 through 7.5.0 Update Pack 12 **Description** IBM QRadar SIEM is susceptible to stored cross-site scripting. Authenticated users can embed arbitrary JavaScript code within the Web UI, potentially altering functionality and leading to credentials disclosure within a trusted session. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM QRadar SIEM versions 7.5 through 7.5.0 Update Package 12 **Description** The issue is related to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this to expose sensitive information or consume memory resources. **Recommendations** For IBM QRadar SIEM versions 7.5 through 7.5.0 Update Package 12, consider disabling XML data processing until a patch is available to prevent potential XXE attacks. Restrict access to sensitive information and monitor memory resources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IBM QRadar SIEM versions 7.5 through 7.5.0 Update Package 12 **Description** The issue allows a privileged user to modify configuration files, enabling the upload of a malicious autoupdate file to execute arbitrary commands. **Recommendations** For IBM QRadar SIEM versions 7.5 through 7.5.0 Update Package 12, update to a newer version to avoid risks.

**Name of the Vulnerable Software and Affected Versions** IBM QRadar Suite Software versions 1.10.12.0 through 1.11.2.0 IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0 **Description** The issue arises because the software does not invalidate a session after a user logs out, potentially allowing a user to impersonate another user on the system. **Recommendations** For IBM QRadar Suite Software versions 1.10.12.0 through 1.11.2.0, update to a version that properly invalidates sessions after logout. For IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0, update to a version that properly invalidates sessions after logout.

**Name of the Vulnerable Software and Affected Versions** IBM QRadar Suite Software versions 1.10.12.0 through 1.11.2.0 IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0 **Description** The issue allows an authenticated user to cause a denial of service due to improperly validating API data input. **Recommendations** For IBM QRadar Suite Software versions 1.10.12.0 through 1.11.2.0, update to a version outside of the affected range to resolve the issue. For IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0, update to a version outside of the affected range to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** IBM QRadar Suite Software versions 1.10.12.0 through 1.11.2.0 IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0 **Description** The issue allows an unauthenticated user in the environment to obtain highly sensitive information in configuration files. This could expose sensitive data to unauthenticated users. **Recommendations** For IBM QRadar Suite Software versions 1.10.12.0 through 1.11.2.0, update to version 1.11.3.0 to secure your environment. For IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0, update to version 1.10.12.1 to secure your environment.

**Name of the Vulnerable Software and Affected Versions** IBM QRadar Suite Software versions 1.10.12.0 through 1.11.2.0 IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0 **Description** The issue is related to the improper generation of code in case management script creation, which could allow a privileged user to execute code. **Recommendations** For IBM QRadar Suite Software versions 1.10.12.0 through 1.11.2.0, update to a version outside of this range to resolve the issue. For IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to case management script creation to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: IBM Security ReaQta version 3.12 Description: The issue allows an authenticated user to perform unauthorized actions due to the software's reliance on untrusted inputs. Recommendations: For IBM Security ReaQta version 3.12, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM QRadar SIEM version 7.5 **Description** The issue allows a privileged user to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trusted session. This is due to a cross-site scripting issue. **Recommendations** For IBM QRadar SIEM version 7.5, consider restricting access to the Web UI until a fix is available, and avoid using the Web UI with privileged accounts to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** IBM Security ReaQta version 3.12 **Description** This issue allows a privileged user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. The vulnerability is related to cross-site scripting. **Recommendations** For IBM Security ReaQta version 3.12, consider disabling access to the Web UI until a patch is available to prevent potential exploitation of the cross-site scripting vulnerability. Restricting the ability of privileged users to embed arbitrary JavaScript code can help minimize the risk of credentials disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: IBM Security ReaQta version 3.12 Description: This issue allows a privileged user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. The vulnerability is related to cross-site scripting. Recommendations: For IBM Security ReaQta version 3.12, consider disabling access to the Web UI until a patch is available to prevent potential exploitation of the cross-site scripting vulnerability. Restricting user privileges may also help minimize the risk of credentials disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM QRadar Suite Software versions 1.10.12.0 through 1.10.22.0 IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0 **Description** The issue is related to weaknesses in the error reporting mechanism of IBM QRadar Suite and IBM Cloud Pak for Security. This could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the request. The obtained information could be used in further attacks against the system. **Recommendations** For IBM QRadar Suite Software versions 1.10.12.0 through 1.10.22.0, update to a version outside of this range to mitigate the risk. For IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to detailed technical error messages to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IBM Security QRadar EDR version 3.12 **Description** A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. This issue allows for HTML injection, potentially leading to the execution of malicious code in the victim's browser. **Recommendations** For IBM Security QRadar EDR version 3.12, consider disabling any features that allow user-inputted HTML to be executed in the browser until a patch is available. Restrict access to areas of the application where HTML injection could be exploited to minimize the risk of attack. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM Security Verify Access OIDC Provider versions 22.09 through 23.03 **Description** The issue is related to hazardous input validation, which could disclose sensitive information to a local user. **Recommendations** For versions 22.09 through 23.03, update to a version that addresses the hazardous input validation issue to prevent disclosure of sensitive information.

Name of the Vulnerable Software and Affected Versions: IBM Security Guardium versions 11.3 through 12.0 Description: The issue allows a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. This is due to the failure to neutralize special elements used in the operating system command. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. Recommendations: For IBM Security Guardium versions 11.3 through 12.0, upgrade the affected component immediately to prevent potential system takeover. As a temporary workaround, consider restricting access to the request handler to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0 IBM QRadar Suite Software versions 1.10.12.0 through 1.10.20.0 **Description** The issue exists due to insufficient input validation, allowing a remote attacker to modify dashboard parameters. This could be exploited by an authenticated user. **Recommendations** For IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0, update to a version outside of this range to resolve the issue. For IBM QRadar Suite Software versions 1.10.12.0 through 1.10.20.0, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to dashboard parameters until a patch is available.

**Name of the Vulnerable Software and Affected Versions** IBM QRadar SIEM version 7.5 **Description** The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. This is due to a stored cross-site scripting vulnerability. **Recommendations** For IBM QRadar SIEM version 7.5, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Web UI to minimize the risk of exploitation. Avoid using the Web UI for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.