Cross-Site Scripting Vulnerability in IBM QRadar SIEM
CVE-2024-56463
4.8MEDIUM
Summary
IBM QRadar SIEM 7.5 is susceptible to a cross-site scripting vulnerability that enables a privileged user to inject arbitrary JavaScript code into the Web UI. This exploitation can modify the software's intended functionality and may facilitate the disclosure of sensitive credentials within a trusted user session, posing a serious security risk. Prompt remediation of this vulnerability is crucial to maintaining the integrity and confidentiality of user data.
Affected Version(s)
QRadar SIEM 7.5 <= 7.5.0 UP11
References
CVSS V3.1
Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved