CVE-2024-22335

Name of the Vulnerable Software and Affected Versions IBM QRadar Suite versions 1.10.12.0 through 1.10.17.0 IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0

Description The issue is related to insufficient protection of registration data in IBM QRadar Suite and IBM Cloud Pak for Security, which may allow an attacker to access confidential information. The software stores potentially sensitive information in log files that could be read by a local user.

Recommendations For IBM QRadar Suite versions 1.10.12.0 through 1.10.17.0, update to a version that fixes the issue to prevent local users from reading sensitive log files. For IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0, update to a version that fixes the issue to prevent local users from reading sensitive log files. As a temporary workaround, consider restricting access to log files to minimize the risk of exploitation.