CVE-2022-43863 – IBM QRadar SIEM privilege escalation
https://notcve.org/view.php?id=CVE-2022-43863
IBM QRadar SIEM 7.4 and 7.5 is vulnerable to privilege escalation, allowing a user with some admin capabilities to gain additional admin capabilities. IBM X-Force ID: 239425. • https://exchange.xforce.ibmcloud.com/vulnerabilities/239425 https://www.ibm.com/support/pages/node/6964862 • CWE-20: Improper Input Validation CWE-269: Improper Privilege Management •
CVE-2022-34351 – IBM QRadar SIEM information disclosure
https://notcve.org/view.php?id=CVE-2022-34351
IBM QRadar SIEM 7.4 and 7.5 is vulnerable to information exposure allowing a non-tenant user with a specific domain security profile assigned to see some data from other domains. IBM X-Force ID: 230402. • https://exchange.xforce.ibmcloud.com/vulnerabilities/230402 https://www.ibm.com/support/pages/node/6955059 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-312: Cleartext Storage of Sensitive Information •
CVE-2023-22875 – IBM Security QRadar SIEM information disclosure
https://notcve.org/view.php?id=CVE-2023-22875
IBM QRadar SIEM 7.4 and 7.5copies certificate key files used for SSL/TLS in the QRadar web user interface to managed hosts in the deployment that do not require that key. IBM X-Force ID: 244356. IBM QRadar SIEM 7.4 y 7.5 copia los archivos de claves de certificado utilizados para SSL/TLS en la interfaz de usuario web de QRadar en hosts gestionados en el despliegue que no requieren esa clave. ID de IBM X-Force: 244356. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244356 https://www.ibm.com/support/pages/node/6855643 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2022-30613
https://notcve.org/view.php?id=CVE-2022-30613
IBM QRadar SIEM 7.4 and 7.5 could disclose sensitive information via a local service to a privileged user. IBM X-Force ID: 227366. IBM QRadar SIEM versiones 7.4 y 7.5, podría divulgar información confidencial por medio de un servicio local a un usuario privilegiado. IBM X-Force ID: 227366 • https://exchange.xforce.ibmcloud.com/vulnerabilities/227366 https://www.ibm.com/support/pages/node/6826693 •
CVE-2022-22480
https://notcve.org/view.php?id=CVE-2022-22480
IBM QRadar SIEM 7.4 and 7.5 data node rebalancing does not function correctly when using encrypted hosts which could result in information disclosure. IBM X-Force ID: 225889. Un reequilibrio de nodos de datos de IBM QRadar SIEM versiones 7.4 y 7.5, no funciona correctamente cuando son usados hosts cifrados, lo que podría resultar en una divulgación de información. IBM X-Force ID: 225889 • https://exchange.xforce.ibmcloud.com/vulnerabilities/225889 https://www.ibm.com/support/pages/node/6826695 •