May 30, 2023 - 7:03 p.m.

Security Bulletin: IBM QRadar SIEM is vulnerable to privilege escalation (CVE-2022-31676)

2023-05-30 19:03:56
www.ibm.com
Tags: ibm qradar siem, privilege escalation, vulnerability, cve-2022-31676, ibm, update, fix

CVSS3: 7.8
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0
Percentile: 5.1%

Summary

IBM QRadar SIEM is vulnerable to privilege escalation. IBM has addressed the vulnerability.

Vulnerability Details

CVEID: CVE-2022-31676
**DESCRIPTION:** VMware Tools could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper privilege management. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain elevated privileges as the root user in the virtual machine.
CVSS Base score: 7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/234190 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM QRadar SIEM | 7.4.3 - 7.4.3 FP8 |
| IBM QRadar SIEM | 7.5.0 - 7.5.0 UP4 |

Remediation/Fixes

IBM encourages customers to update their systems promptly.

| Product | Version | Remediation/First Fix |
| --- | --- | --- |
| IBM QRadar SIEM | 7.4.3 | 7.4.3 FP9 |
| IBM QRadar SIEM | 7.5.0 | 7.5.0 UP5 |

Workarounds and Mitigations

None

Affected configurations

Vulners node:
ibm ibm_qradar_siem Match 7.4
OR
ibm ibm_qradar_siem Match 7.5
