PT-2024-6128 · IBM · IBM QRadar Suite

Published 2024-08-14 · Updated 2024-09-21 · CVE-2024-28799

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

IBM QRadar Suite Software versions 1.10.12.0 through 1.10.23.0
IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0

Description

The issue is related to the improper display of sensitive data during back-end commands, potentially resulting in the unexpected disclosure of this information to a local privileged user in non-default configurations. This could allow a remote attacker to gain unauthorized access to protected information.

Recommendations

For IBM QRadar Suite Software versions 1.10.12.0 through 1.10.23.0, upgrade to a version that properly handles sensitive data during back-end commands. For IBM Cloud Pak for Security versions 1.10.0.0 through 1.10.11.0, upgrade to a version that properly handles sensitive data during back-end commands. As a temporary workaround, consider restricting access to back-end commands to minimize the risk of exploitation.

Related Identifiers

BDU:2024-07044
CVE-2024-28799

Affected Products

IBM Cloud Pak for Security
IBM QRadar Suite