John Zuccato

**Name of the Vulnerable Software and Affected Versions** IBM QRadar SIEM versions 7.5 through 7.5 Update Pack 13 Independent Fix 01 **Description** IBM QRadar SIEM versions 7.5 through 7.5 Update Pack 13 Independent Fix 01 may allow a local privileged user to perform unauthorized actions on configuration files due to improper permission assignment. **Recommendations** Apply appropriate permission assignments to configuration files.

Name of the Vulnerable Software and Affected Versions: IBM QRadar SIEM versions 7.5 through 7.5.0 Description: IBM QRadar SIEM Dashboard is susceptible to cross-site scripting. An authenticated user can embed arbitrary JavaScript code into the Web UI, potentially altering functionality and leading to credentials disclosure within a trusted session. Recommendations: Update to a newer version that contains a fix for this issue.

Name of the Vulnerable Software and Affected Versions: IBM QRadar SIEM versions 7.5 through 7.5.0 UP13 Description: IBM QRadar SIEM versions 7.5 through 7.5.0 UP13 may allow an authenticated user to escalate their privileges. This is due to a misconfigured cronjob that executes with unnecessary privileges. Recommendations: Apply configuration changes to the cronjob to restrict its privileges to the minimum necessary for execution.

**Name of the Vulnerable Software and Affected Versions** IBM QRadar SIEM versions 7.5 through 7.5.0 Update Pack 12 **Description** IBM QRadar SIEM is susceptible to stored cross-site scripting. Authenticated users can embed arbitrary JavaScript code within the Web UI, potentially altering functionality and leading to credentials disclosure within a trusted session. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM QRadar SIEM versions 7.5 through 7.5.0 Update Package 12 **Description** The issue is related to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this to expose sensitive information or consume memory resources. **Recommendations** For IBM QRadar SIEM versions 7.5 through 7.5.0 Update Package 12, consider disabling XML data processing until a patch is available to prevent potential XXE attacks. Restrict access to sensitive information and monitor memory resources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IBM QRadar SIEM versions 7.5 through 7.5.0 Update Package 12 **Description** The issue allows a privileged user to modify configuration files, enabling the upload of a malicious autoupdate file to execute arbitrary commands. **Recommendations** For IBM QRadar SIEM versions 7.5 through 7.5.0 Update Package 12, update to a newer version to avoid risks.

**Name of the Vulnerable Software and Affected Versions** IBM QRadar Suite Software versions 1.10.12.0 through 1.11.2.0 IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0 **Description** The issue allows an authenticated user to cause a denial of service due to improperly validating API data input. **Recommendations** For IBM QRadar Suite Software versions 1.10.12.0 through 1.11.2.0, update to a version outside of the affected range to resolve the issue. For IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0, update to a version outside of the affected range to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** IBM QRadar Suite Software versions 1.10.12.0 through 1.11.2.0 IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0 **Description** The issue is related to the improper generation of code in case management script creation, which could allow a privileged user to execute code. **Recommendations** For IBM QRadar Suite Software versions 1.10.12.0 through 1.11.2.0, update to a version outside of this range to resolve the issue. For IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to case management script creation to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IBM QRadar Suite Software versions 1.10.12.0 through 1.11.2.0 IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0 **Description** The issue allows an unauthenticated user in the environment to obtain highly sensitive information in configuration files. This could expose sensitive data to unauthenticated users. **Recommendations** For IBM QRadar Suite Software versions 1.10.12.0 through 1.11.2.0, update to version 1.11.3.0 to secure your environment. For IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0, update to version 1.10.12.1 to secure your environment.

**Name of the Vulnerable Software and Affected Versions** IBM QRadar Suite Software versions 1.10.12.0 through 1.11.2.0 IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0 **Description** The issue arises because the software does not invalidate a session after a user logs out, potentially allowing a user to impersonate another user on the system. **Recommendations** For IBM QRadar Suite Software versions 1.10.12.0 through 1.11.2.0, update to a version that properly invalidates sessions after logout. For IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0, update to a version that properly invalidates sessions after logout.

Name of the Vulnerable Software and Affected Versions: IBM Security Verify Access Appliance and Container versions 10.0.0 through 10.0.8 Description: The issue allows an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts, due to cross-site request forgery. Recommendations: For versions 10.0.0 through 10.0.8, update to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: IBM Security Verify Access Appliance and Container versions 10.0.0 through 10.0.8 Description: The issue allows a local privileged user to perform unauthorized actions due to incorrect permissions assignment. Recommendations: For versions 10.0.0 through 10.0.8, update to a version that includes the correct permissions assignment to prevent unauthorized actions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: IBM Security Verify Access Appliance and Container versions 10.0.0 through 10.0.8 Description: The issue allows a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. Recommendations: For versions 10.0.0 through 10.0.8, consider disabling the detailed technical error messages to minimize the risk of exploitation. Restrict access to error messages to prevent potential attackers from obtaining sensitive information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: IBM Security Verify Access Appliance and Container versions 10.0.0 through 10.0.8 Description: The issue allows a remote attacker to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system. Recommendations: For versions 10.0.0 through 10.0.8, consider disabling the detailed technical error messages to minimize the risk of exploitation. Restrict access to error messages to prevent potential attackers from obtaining sensitive information.

**Name of the Vulnerable Software and Affected Versions** IBM Security Verify Access Appliance and Container versions 10.0.0 through 10.0.8 **Description** This issue allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. The attacker can incorporate `code` into the interface, thus changing the expected behavior. **Recommendations** For versions 10.0.0 through 10.0.8, update to a version that includes the fix for this issue to prevent cross-site scripting attacks. As a temporary workaround, consider restricting access to the Web UI to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: IBM Security ReaQta version 3.12 Description: The issue allows an authenticated user to perform unauthorized actions due to the software's reliance on untrusted inputs. Recommendations: For IBM Security ReaQta version 3.12, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM QRadar SIEM version 7.5 **Description** The issue allows a privileged user to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trusted session. This is due to a cross-site scripting issue. **Recommendations** For IBM QRadar SIEM version 7.5, consider restricting access to the Web UI until a fix is available, and avoid using the Web UI with privileged accounts to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** IBM Security ReaQta version 3.12 **Description** This issue allows a privileged user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. The vulnerability is related to cross-site scripting. **Recommendations** For IBM Security ReaQta version 3.12, consider disabling access to the Web UI until a patch is available to prevent potential exploitation of the cross-site scripting vulnerability. Restricting the ability of privileged users to embed arbitrary JavaScript code can help minimize the risk of credentials disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: IBM Security ReaQta version 3.12 Description: This issue allows a privileged user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. The vulnerability is related to cross-site scripting. Recommendations: For IBM Security ReaQta version 3.12, consider disabling access to the Web UI until a patch is available to prevent potential exploitation of the cross-site scripting vulnerability. Restricting user privileges may also help minimize the risk of credentials disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM QRadar Suite Software versions 1.10.12.0 through 1.10.22.0 IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0 **Description** The issue is related to weaknesses in the error reporting mechanism of IBM QRadar Suite and IBM Cloud Pak for Security. This could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the request. The obtained information could be used in further attacks against the system. **Recommendations** For IBM QRadar Suite Software versions 1.10.12.0 through 1.10.22.0, update to a version outside of this range to mitigate the risk. For IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to detailed technical error messages to minimize the risk of exploitation.