User Credentials Exposure in IBM QRadar Suite and Cloud Pak for Security
CVE-2024-28782

6.3 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 3 April 2024

Summary

IBM QRadar Suite Software and IBM Cloud Pak for Security store user credentials in plain text. This flaw allows an authenticated user to access sensitive information about other users' credentials, potentially leading to unauthorized access and data breaches. Users and administrators should mitigate this risk immediately by updating to secure versions and following best practices for credential storage.

Affected Version(s)

Cloud Pak for Security 1.10.0.0 <= 1.10.11.0

QRadar Suite Software 1.10.12.0 <= 1.10.18.0

CVSS V3.1

Score: 6.3
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published