CVE-2023-35006

Name of the Vulnerable Software and Affected Versions IBM Security QRadar EDR version 3.12

Description A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. This issue allows for HTML injection, potentially leading to the execution of malicious code in the victim's browser.

Recommendations For IBM Security QRadar EDR version 3.12, consider disabling any features that allow user-inputted HTML to be executed in the browser until a patch is available. Restrict access to areas of the application where HTML injection could be exploited to minimize the risk of attack. At the moment, there is no information about a newer version that contains a fix for this vulnerability.