PT-2024-2057 · IBM · IBM QRadar Suite Products +1
Published: 2024-03-01 · Updated: 2024-12-23 · CVE-2023-47742
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
IBM QRadar Suite Products versions 1.10.12.0 through 1.10.18.0
IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0
Description
The affected products do not correctly enforce certificate validation, which could allow a remote attacker to obtain sensitive information using man-in-the-middle techniques.
Recommendations
For IBM QRadar Suite Products versions 1.10.12.0 through 1.10.18.0, update to a version that correctly enforces certificate validation.
For IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0, update to a version that correctly enforces certificate validation.
As a temporary workaround, consider restricting access to sensitive information and implementing additional security measures to minimize the risk of exploitation.
Fix
Improper Certificate Validation
Related Identifiers
Affected Products
IBM Cloud Pak for Security
IBM QRadar Suite Products