Lucene search

IbmVULNRICHMENT:CVE-2023-43041

HistoryOct 29, 2023 - 12:49 a.m.

CVE-2023-43041 IBM QRadar information disclosure

2023-10-2900:49:57

CWE-200

ibm

github.com

ibm qradar siem

information exposure

delegated admin tenant

domain security profile

incomplete fix

cve-2022-34352

ibm x-force id

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.2

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

IBM QRadar SIEM 7.5 is vulnerable to information exposure allowing a delegated Admin tenant user with a specific domain security profile assigned to see data from other domains. This vulnerability is due to an incomplete fix for CVE-2022-34352. IBM X-Force ID: 266808.

References

exchange.xforce.ibmcloud.com/vulnerabilities/266808

www.ibm.com/support/pages/node/7060803

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.2

Confidence

Low

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2023-43041