Log File Vulnerability Could Allow Local User Access
CVE-2024-25023

5.5MEDIUM

Key Information:

Vendor: IBM
Status: Qradar Suite Software; Cloud Pak For Security
Vendor: CVE Published:; 10 July 2024

Summary

IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281429.

Affected Version(s)

Cloud Pak for Security 1.10.0.0 <= 1.10.11.0

QRadar Suite Software 1.10.12.0 <= 1.10.22.0

References

https://www.ibm.com/support/pages/node/7159768

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/281429

vdb-entry

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 10, 2024