CVE-2021-29880: 
IBM QRadar SIEM vulnerability analysis and mitigation

IBM QRadar SIEM versions 7.4.3 GA through 7.4.3 Fix Pack 1 contained a vulnerability that could lead to information disclosure between tenants when using domains or multi-tenancy features. The vulnerability, identified as CVE-2021-29880, could result in SIEM data being incorrectly routed to the wrong domain (IBM Support).

The vulnerability has been assigned a CVSS Base score of 5.3 with the following vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability requires network access, has high attack complexity, requires low privileges, needs no user interaction, has an unchanged scope, can result in high confidentiality impact, but has no impact on integrity or availability (IBM Support).

The vulnerability could allow unauthorized access to SIEM data across different tenants in a multi-domain deployment. This could potentially expose sensitive security information to unauthorized domains, compromising the confidentiality of tenant-specific data (IBM Support).

IBM has released QRadar/QRM/QVM/QRIF/QNI 7.4.3 Fix Pack 2 to address this vulnerability. No workarounds or alternative mitigations are available, making it crucial for affected organizations to apply the fix pack (IBM Support).