PT-2025-44012 · IBM · IBM QRadar SIEM

Fahimhusain Raydurg · Published 2025-10-27 · Updated 2025-12-15 · CVE-2025-36138

CVSS v2.0: 6.8 (Medium)

Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: IBM QRadar SIEM versions 7.5 through 7.5.0 Update Pack 13 Independent Fix 02

Description: IBM QRadar SIEM is susceptible to stored cross-site scripting. An authenticated user can inject arbitrary JavaScript code into the Web UI, potentially modifying the intended functionality and leading to credentials disclosure within a trusted session. The vulnerability allows for the embedding of malicious scripts that can compromise the integrity of the system.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Privilege Assignment

XSS

Weakness Enumeration

Related Identifiers

BDU:2025-16370
CVE-2025-36138

Affected Products

IBM QRadar SIEM