Security Bulletin: IBM QRadar Suite software is vulnerable to information exposure

Summary

IBM QRadar Suite software is vulnerable to information exposure through log files. This has been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version.

Vulnerability Details

CVEID:CVE-2024-22336
**DESCRIPTION:**IBM QRadar Suite stores potentially sensitive information in log files that could be read by a local user.
CVSS Base score: 5.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279976 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2024-22337
**DESCRIPTION:**IBM QRadar Suite stores potentially sensitive information in log files that could be read by a local user.
CVSS Base score: 5.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279977 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2024-22335
**DESCRIPTION:**IBM QRadar Suite stores potentially sensitive information in log files that could be read by a local user.
CVSS Base score: 5.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/279975 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

1.10.12.0 - 1.10.17.0

Remediation/Fixes

IBM encourages customers to update their systems promptly.

Please upgrade to at least version 1.10.18.0 following these instructions: <https://www.ibm.com/docs/en/cloud-paks/cp-security/1.10?topic=installing-upgrading-cloud-pak-security&gt;.

After upgrading please follow the steps in this tech note: <https://www.ibm.com/support/pages/node/7117897&gt;

Workarounds and Mitigations

None