IBM SOAR QRadar Plugin App log injection
CVE-2023-38020

4.3MEDIUM

Key Information:

Vendor: IBM
Status: Soar Qradar Plugin App
Vendor: CVE Published:; 2 February 2024

Summary

The IBM SOAR QRadar Plugin App versions 1.0 through 5.0.3 is affected by a vulnerability that enables authenticated users to manipulate output in log files. This flaw arises from improper handling of inputs, which may allow adversaries who gain access to the system to alter logs undetected. Such manipulation can impede incident response activities and compromise the integrity of logs relied upon for security audits and investigations. Addressing this vulnerability is crucial for maintaining robust log management and ensuring the authenticity of security narratives. Users are advised to review their system configurations and apply recommended patches to mitigate potential risks.

Affected Version(s)

SOAR QRadar Plugin App 1.0 <= 5.0.3

References

https://www.ibm.com/support/pages/node/7111679

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/260576

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 2, 2024
Vulnerability Reserved
Jul 11, 2023