CVE-2021-29779: 
IBM QRadar SIEM vulnerability analysis and mitigation

IBM QRadar SIEM versions 7.3.0 to 7.3.3 Fix Pack 9 and 7.4.0 to 7.4.3 Fix Pack 2 contain a vulnerability that could allow an attacker to obtain sensitive information. The vulnerability (CVE-2021-29779) was discovered and disclosed in March 2021, affecting the inter-host communications functionality where the server performs key exchange without entity authentication (IBM Security).

The vulnerability has a CVSS Base score of 5.9 with a vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability is network accessible, requires high attack complexity, needs no privileges or user interaction, and can result in high confidentiality impact without affecting integrity or availability (IBM Security).

An attacker could potentially obtain sensitive information by exploiting the key exchange vulnerability using man-in-the-middle techniques during inter-host communications (IBM Security).

IBM has released fixes in QRadar/QRM/QVM/QRIF/QNI versions 7.3.3 Fix Pack 10 and 7.4.3 Fix Pack 4. For QRadar on Cloud users, version 7.4.3 Fix Pack 3 is available. Note that version 7.4.3 Fix Pack 3 was removed for on-premise QRadar SIEM users. No workarounds or alternative mitigations are available (IBM Security).