Cross-Site Scripting Vulnerability in IBM QRadar SIEM
CVE-2024-56463

4.8MEDIUM

Key Information:

Vendor: IBM
Status: Qradar Siem
Vendor: CVE Published:; 14 February 2025

Summary

IBM QRadar SIEM 7.5 is susceptible to a cross-site scripting vulnerability that enables a privileged user to inject arbitrary JavaScript code into the Web UI. This exploitation can modify the software's intended functionality and may facilitate the disclosure of sensitive credentials within a trusted user session, posing a serious security risk. Prompt remediation of this vulnerability is crucial to maintaining the integrity and confidentiality of user data.

Affected Version(s)

QRadar SIEM 7.5 <= 7.5.0 UP11

References

https://www.ibm.com/support/pages/node/7183251

vendor-advisory

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 14, 2025
Vulnerability Reserved
Dec 26, 2024