Vulnerabilities > CVE-2024-28799 - Unspecified vulnerability in IBM Cloud PAK for Security and Qradar Suite

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

ibm

NVD

Published: 2024-08-14

Updated: 2024-09-21

Summary

IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 displays sensitive data improperly to a local privileged user, in non default configurations, during back-end commands which may result in the unexpected disclosure of this information. IBM X-Force ID: 287173.

Vulnerable Configurations

Part	Description	Count
Application	Ibm IBM Cloud PAK FOR Security 1.10.0.0 IBM Cloud PAK FOR Security 1.10.2.0 IBM Cloud PAK FOR Security 1.10.6.0 IBM Cloud PAK FOR Security 1.10.11.0 IBM Qradar Suite 1.10.12.0 IBM Qradar Suite 1.10.16.0 IBM Qradar Suite 1.10.17.0 IBM Qradar Suite 1.10.21.0	8

References

https://www.ibm.com/support/pages/node/7165488
https://exchange.xforce.ibmcloud.com/vulnerabilities/287173