CVE-2021-38878: 
IBM QRadar SIEM vulnerability analysis and mitigation

IBM QRadar 7.3, 7.4, and 7.5 could allow a malicious actor to impersonate an actor due to key exchange without entity authentication. This vulnerability is tracked as CVE-2021-38878 and affects IBM QRadar SIEM versions 7.5.0 GA, 7.4.3 GA through 7.4.3 FP4, and 7.3.3 GA through 7.3.3 FP10 (IBM Security Bulletin).

The vulnerability has a CVSS Base score of 5.9 with vector (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). The issue stems from improper key exchange implementation that lacks proper entity authentication, potentially allowing impersonation attacks (IBM Security Bulletin).

A successful exploitation of this vulnerability could allow an attacker to impersonate another actor in the system, potentially leading to unauthorized access and actions being performed under the impersonated identity (IBM Security Bulletin).

IBM recommends updating affected systems to the following fixed versions: QRadar/QRM/QVM/QRIF/QNI 7.5.0 UP1 for 7.5.0 GA, QRadar/QRM/QVM/QRIF/QNI 7.4.3 FP5 for 7.4.3, and QRadar/QRM/QVM/QRIF/QNI 7.3.3 FP11 for 7.3.3. No workarounds are available for this vulnerability (IBM Security Bulletin).