CVE-2023-43057

Name of the Vulnerable Software and Affected Versions IBM QRadar SIEM version 7.5.0

Description The issue is related to a lack of protection for the web page structure in the IBM QRadar SIEM system, allowing a remote attacker to bypass restrictions on executing JavaScript. This can lead to the embedding of arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trusted session.

Recommendations For IBM QRadar SIEM version 7.5.0, consider disabling the execution of JavaScript code in the Web UI as a temporary workaround until a patch is available. Restrict access to the Web UI to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.