CVE-2023-43041: 
IBM QRadar SIEM vulnerability analysis and mitigation

CVE-2023-43041 affects IBM QRadar SIEM 7.5, exposing a vulnerability that allows a delegated Admin tenant user with a specific domain security profile to access data from other domains. This vulnerability emerged as a result of an incomplete fix for a previous vulnerability (CVE-2022-34352). The issue was disclosed and documented in October 2023 (IBM Advisory).

The vulnerability has been assigned a CVSS v3.1 Base Score of 4.9 (MEDIUM) by NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N, while IBM Corporation assessed it with a Base Score of 6.5 (MEDIUM) and vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The vulnerability is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) (NVD).

The primary impact of this vulnerability is the potential exposure of sensitive information, specifically allowing delegated Admin tenant users with specific domain security profiles to access data from other domains that should be restricted. This represents a significant breach of data isolation between domains (IBM Advisory).

IBM has released a fix for this vulnerability in QRadar SIEM version 7.5.0 UP7 IF01. Users are strongly recommended to upgrade to this version to address the vulnerability. No alternative workarounds have been provided (IBM Advisory).