Sensitive Data Exposure in IBM QRadar Advisor With Watson Application
CVE-2021-20380

5.3MEDIUM

Key Information:

Vendor: IBM
Status: Qradar Advisor
Vendor: CVE Published:; 3 June 2021

What is CVE-2021-20380?

A vulnerability in the IBM QRadar Advisor With Watson application allows a remote user to extract sensitive information through HTTP requests. This exposure can potentially facilitate further attacks, compromising the overall security of the affected system. Users of IBM QRadar SIEM should ensure they are on the latest versions to mitigate risks associated with this vulnerability.

Affected Version(s)

Qradar Advisor 1.1

Qradar Advisor 2.5

References

https://www.ibm.com/support/pages/node/6457941

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/195712

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 3, 2021
Vulnerability Reserved
Dec 17, 2020