CVE-2021-20397: 
IBM QRadar SIEM vulnerability analysis and mitigation

IBM QRadar SIEM versions 7.3 and 7.4 were found to be vulnerable to cross-site scripting (CVE-2021-20397). The vulnerability was discovered in December 2020 and publicly disclosed in April 2021. The affected versions include IBM QRadar 7.3.0 to 7.3.3 Patch 7 and IBM QRadar 7.4.0 to 7.4.2 Patch 2 (IBM Support).

The vulnerability allows users to embed arbitrary JavaScript code in the Web UI, which could alter the intended functionality of the application. The flaw received a CVSS Base score of 6.1 with a vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility with low attack complexity and no privileges required (IBM Support).

If exploited, this vulnerability could potentially lead to credentials disclosure within a trusted session. The cross-site scripting vulnerability allows attackers to inject malicious scripts that could compromise user sessions and access sensitive information (IBM Support).

IBM released patches to address this vulnerability: QRadar/QRM/QVM/QRIF/QNI 7.3.3 Patch 8 and QRadar/QRM/QVM/QRIF/QNI 7.4.2 Patch 3. No workarounds or alternative mitigations were provided (IBM Support).