PT-2024-5312 · Ibm · Ibm Qradar Suite+1
Published
2024-07-08
·
Updated
2024-09-21
·
CVE-2024-25023
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0
IBM QRadar Suite Software versions 1.10.12.0 through 1.10.22.0
Description
The issue is related to the storage of potentially sensitive information in log files by IBM Cloud Pak for Security and IBM QRadar Suite Software. This information could be read by a local user, potentially allowing an attacker to gain unauthorized access to protected information.
Recommendations
For IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0, update to a version that stores sensitive information securely.
For IBM QRadar Suite Software versions 1.10.12.0 through 1.10.22.0, update to a version that stores sensitive information securely.
As a temporary workaround, consider restricting access to log files to minimize the risk of exploitation.
Fix
Cleartext Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Cloud Pak For Security
Ibm Qradar Suite