CVE-2021-38919: 
IBM QRadar SIEM vulnerability analysis and mitigation

IBM QRadar SIEM versions 7.3, 7.4, and 7.5 contain a security vulnerability (CVE-2021-38919) that may reveal authorized service tokens to other QRadar users in certain scenarios. The vulnerability was disclosed and patched in April 2022 (IBM Security).

The vulnerability has a CVSS Base score of 5.9 with a vector of (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating a network-accessible vulnerability with high complexity, no privileges required, and no user interaction needed. The vulnerability primarily impacts confidentiality with no effect on integrity or availability (IBM Security).

The vulnerability could allow unauthorized access to service tokens by other QRadar users, potentially leading to unauthorized access to system resources or sensitive information. The exposure of service tokens could compromise the security of the affected systems (IBM Security).

IBM has released fixes for the affected versions: QRadar/QRM/QVM/QRIF/QNI 7.5.0 UP1 for version 7.5.0, QRadar/QRM/QVM/QRIF/QNI 7.4.3 FP5 for version 7.4.3, and QRadar/QRM/QVM/QRIF/QNI 7.3.3 FP11 for version 7.3.3. Users are recommended to update their systems promptly (IBM Security).