
Cloud Vulnerability DB
An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues
IBM QRadar SIEM versions 7.3, 7.4, and 7.5 were found to contain a vulnerability that could allow a local user to obtain sensitive information from the TLS key file due to incorrect file permissions. The vulnerability was assigned CVE-2022-22424 and was disclosed on July 18, 2022 (IBM Security).
The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. IBM Corporation also provided its own CVSS v3.0 assessment, with a base score of 5.1 (Medium) and the vector string CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N. The vulnerability is classified as CWE-276 (Incorrect Default Permissions) (NVD Database).
If exploited, this vulnerability allows local users to access sensitive information contained in the TLS key file. The impact is primarily focused on confidentiality, with no direct impact on system integrity or availability (IBM Security).
IBM has released fixes for all affected versions: QRadar SIEM 7.3.3 Fix Pack 12 for version 7.3, QRadar SIEM 7.4.3 Fix Pack 6 for version 7.4, and QRadar SIEM 7.5.0 Update Pack 2 for version 7.5. No workarounds are available, and IBM encourages customers to update their systems promptly (IBM Security).
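A check for the CWE-276 condition described above, written as an added example (it is not IBM's code or part of the original report): it walks a directory, identifies PEM private keys by content, and reports any whose mode bits expose them beyond the owner. The directory to scan is supplied by the operator, since the page does not give the key file's path; the function names are illustrative.

```python
import os
import stat
import sys

PEM_MARKER = b"PRIVATE KEY-----"  # matches PKCS#1, PKCS#8, EC and encrypted PEM headers


def is_private_key(path):
    """True if the file looks like a PEM private key (content check, not extension)."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(4096)
    except OSError:
        return False  # unreadable by the auditing user: nothing to inspect
    return b"-----BEGIN" in head and PEM_MARKER in head


def audit_key_permissions(root):
    """Return sorted [(path, octal_mode, problems)] for keys exposed beyond their owner."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode) or not is_private_key(path):
                continue
            mode = stat.S_IMODE(st.st_mode)
            problems = []
            if mode & stat.S_IROTH:
                problems.append("world-readable")
            if mode & stat.S_IRGRP:
                problems.append("group-readable")
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                problems.append("writable by non-owner")
            if problems:
                findings.append((path, oct(mode), problems))
    return sorted(findings)


if __name__ == "__main__":
    # Assumption: the operator passes the directory that holds the TLS key material.
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    results = audit_key_permissions(target)
    for path, mode, problems in results:
        print(f"{path} mode={mode}: {', '.join(problems)}")
    sys.exit(1 if results else 0)
```

The check covers classic mode bits only; POSIX ACLs and parent-directory permissions need a separate review.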
Source: This report was generated using AI