Information Disclosure Vulnerability in IBM QRadar Advisor
CVE-2019-4672

5.3MEDIUM

Key Information:

Vendor: IBM
Status: Qradar Advisor
Vendor: CVE Published:; 25 February 2020

What is CVE-2019-4672?

IBM QRadar Advisor versions 1.1 to 2.5 are susceptible to an information disclosure vulnerability that enables unauthorized attackers to glean sensitive data through specifically crafted HTTP requests. This exploitation can further facilitate subsequent attacks against the affected systems, posing a significant security risk. To mitigate these vulnerabilities, users are encouraged to update to the latest version and review any security best practices to safeguard their environments.

Affected Version(s)

Qradar Advisor 1.1

Qradar Advisor 2.5

References

https://www.ibm.com/support/pages/node/3379965

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/171438

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 25, 2020
Vulnerability Reserved
Jan 3, 2019