PT-2023-1503 · IBM · IBM QRadar SIEM

Published 2023-01-13 · Updated 2023-01-25 · CVE-2023-22875

CVSS v3.1: 8.4 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

IBM QRadar SIEM versions 7.4 through 7.5

Description

The issue is an information disclosure in IBM QRadar SIEM that allows an attacker to expose protected information. It arises because certificate key files used for SSL/TLS in the QRadar web user interface are copied to managed hosts that do not require the key.

Recommendations

For IBM QRadar SIEM versions 7.4 through 7.5, consider restricting access to the managed hosts that do not require the certificate key files to minimize the risk of information disclosure. As a temporary workaround, consider disabling the use of certificate key files for SSL/TLS in the QRadar web user interface until a patch is available. Restrict access to the QRadar web user interface to minimize the risk of exploitation.

Fix

Incorrect Default Permissions

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2023-00928
CVE-2023-22875

Affected Products

IBM QRadar SIEM