CVE-2021-29849: 
IBM QRadar SIEM vulnerability analysis and mitigation

IBM QRadar SIEM versions 7.3 and 7.4 were identified to contain a cross-site scripting (XSS) vulnerability tracked as CVE-2021-29849. The vulnerability was discovered and disclosed in March 2021, affecting IBM QRadar SIEM versions 7.3.0 to 7.3.3 Fix Pack 9 and 7.4.0 to 7.4.3 Fix Pack 2 (IBM Support).

The vulnerability allows attackers to embed arbitrary JavaScript code in the Web UI, which could alter the intended functionality of the application. The vulnerability has been assigned a CVSS Base score of 5.4 with the vector CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating a medium severity issue requiring low attack complexity and user interaction (IBM Support).

If successfully exploited, this vulnerability could potentially lead to credentials disclosure within a trusted session. The attacker could manipulate the web interface functionality through injected JavaScript code, potentially compromising user sessions and sensitive information (IBM Support).

IBM has released patches to address this vulnerability in QRadar SIEM 7.3.3 Fix Pack 10 and QRadar SIEM 7.4.3 Fix Pack 3 and 4. Note that version 7.4.3 Fix Pack 3 is only available to QRadar on Cloud users and was removed for on-premise QRadar SIEM users. No workarounds are available for this vulnerability (IBM Support).