CVE-2024-22336

Name of the Vulnerable Software and Affected Versions IBM QRadar Suite versions 1.10.12.0 through 1.10.17.0 IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0

Description The issue is related to insufficient protection of registration data in the IBM QRadar Suite and IBM Cloud Pak for Security platforms, which could allow an attacker to gain access to confidential data. Potentially sensitive information is stored in log files that could be read by a local user.

Recommendations For IBM QRadar Suite versions 1.10.12.0 through 1.10.17.0, update to a version that includes the necessary security fixes to prevent sensitive information from being stored in log files. For IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0, update to a version that includes the necessary security fixes to prevent sensitive information from being stored in log files. As a temporary workaround, consider restricting access to log files to minimize the risk of exploitation.