Cross-Site Scripting Vulnerability in IBM QRadar SIEM
CVE-2024-56463

4.8 MEDIUM

Key Information:

Vendor: IBM
CVE Published: 14 February 2025

Summary

IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting: a privileged user can inject arbitrary JavaScript code into the Web UI. The injected code can alter the software's intended functionality and may lead to the disclosure of sensitive credentials within a trusted user session, posing a serious security risk. Prompt remediation of this vulnerability is crucial to maintaining the integrity and confidentiality of user data.

Affected Version(s)

QRadar SIEM 7.5 <= 7.5.0 UP11

CVSS V3.1

Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
