CVE-2023-50949: 
IBM QRadar SIEM vulnerability analysis and mitigation

IBM QRadar SIEM 7.5 contains a vulnerability (CVE-2023-50949) related to improper certificate validation that could allow unauthorized users to perform unauthorized actions. The vulnerability was disclosed on April 10, 2024, and affects the RabbitMQ protocol used by SOAR integration for IBM QRadar SIEM (IBM Security Bulletin, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 5.9 (Medium) with the following vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N. This indicates that the vulnerability is network-accessible, requires high attack complexity, needs no privileges or user interaction, has unchanged scope, no impact on confidentiality, high impact on integrity, and no impact on availability. The vulnerability is classified as CWE-295 (Improper Certificate Validation) (IBM Security Bulletin, X-Force Exchange).

The vulnerability could potentially enable man-in-the-middle (MITM) attacks due to the lack of proper certificate validation in the RabbitMQ protocol. This could allow unauthorized users to perform unauthorized actions, primarily affecting the integrity of the system (IBM Security Bulletin).

IBM has released fixes for QRadar SIEM version 7.5.0 through the QRadar Protocol RabbitMQ update. The updates are available via Auto Update. Users are advised to apply the security update as specified in IBM Security Bulletin 7147933 (IBM Security Bulletin).