PT-2024-1918 · Ibm · Ibm Qradar Suite+1
Published
2024-02-16
·
Updated
2024-12-03
·
CVE-2024-22337
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM QRadar Suite versions 1.10.12.0 through 1.10.17.0
IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0
Description
The issue is related to insufficient protection of registration data in the IBM QRadar Suite and IBM Cloud Pak for Security platforms, which store potentially sensitive information in log files. This could allow a local user to read the sensitive information.
Recommendations
For IBM QRadar Suite versions 1.10.12.0 through 1.10.17.0, consider restricting access to log files until a patch is available.
For IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0, consider restricting access to log files until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Insertion into Log File
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Cloud Pak For Security
Ibm Qradar Suite