User Credentials Exposure in IBM QRadar Suite and Cloud Pak for Security
CVE-2024-28782

6.3MEDIUM

Key Information:

Vendor: IBM
Status: Qradar Suite Software; Cloud Pak For Security
Vendor: CVE Published:; 3 April 2024

Summary

A vulnerability within the IBM QRadar Suite Software and IBM Cloud Pak for Security has been identified, where user credentials are stored in plain text. This security flaw allows authenticated users to access sensitive information regarding other users' credentials, potentially leading to unauthorized access and data breaches. It is essential for users and administrators to take immediate actions to mitigate this risk by updating to secure versions and implementing best practices for credential storage.

Affected Version(s)

Cloud Pak for Security 1.10.0.0 <= 1.10.11.0

QRadar Suite Software 1.10.12.0 <= 1.10.18.0

References

https://www.ibm.com/support/pages/node/7145683

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/285698

vdb-entry

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 3, 2024