EUVD-2021-25315

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

IBM QRadar may allow impersonation due to key exchange lacking entity authentication vulnerability.

Reporter	Title	Published	Views	Family All 11
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM is vulnerable to using components with Known Vulnerabilities	25 Apr 202214:44	–	ibm
Circl	CVE-2021-38878	23 Jun 202200:00	–	circl
CNNVD	IBM QRadar SIEM 安全漏洞	25 Apr 202200:00	–	cnnvd
CNVD	IBM QRadar SIEM Authorization Issue Vulnerability (CNVD-2022-34985)	27 Apr 202200:00	–	cnvd
CVE	CVE-2021-38878	27 Apr 202215:20	–	cve
Cvelist	CVE-2021-38878	27 Apr 202215:20	–	cvelist
NCSC	Vulnerabilities fixed in IBM QRadar	26 Apr 202200:00	–	ncsc
NVD	CVE-2021-38878	27 Apr 202216:15	–	nvd
OSV	CVE-2021-38878	27 Apr 202216:15	–	osv
Prion	Authentication flaw	27 Apr 202216:15	–	prion

[
  {
    "enisaIdVendor": [
      {
        "id": "9bb85eb2-081b-3f19-88d4-69c8a6adc164",
        "vendor": {
          "name": "IBM"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "13d4d945-ded4-3e3e-ab80-dc5261bcca14",
        "product": {
          "name": "QRadar SIEM"
        },
        "product_version": "7.4.3"
      },
      {
        "id": "1a90c962-1638-3b00-8ff0-6acb0ab4ab8d",
        "product": {
          "name": "QRadar SIEM"
        },
        "product_version": "7.3.3"
      },
      {
        "id": "cac0232f-d05f-3191-826f-fa096b6fca41",
        "product": {
          "name": "QRadar SIEM"
        },
        "product_version": "7.5.0"
      }
    ]
  }
]

Source	Link
ibm	www.ibm.com/support/pages/node/6574787
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/208756
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

6.1Medium risk

Vulners AI Score6.1

CVSS 35.9

CVSS 25

CVSS 3.17.5

EPSS0.00324