Vulnerability DatabaseCVE-2023-50950

CVE-2023-50950:
IBM QRadar SIEM vulnerability analysis and mitigation

Overview

IBM QRadar SIEM 7.5 contains a vulnerability (CVE-2023-50950) that could disclose sensitive email information in responses from offense rules. The vulnerability was initially reported on January 17, 2024, and affects IBM QRadar SIEM versions 7.5.0 through 7.5.0 UP7 (IBM Advisory).

Technical details

The vulnerability has been assigned a CVSS v3.1 base score of 5.3 (MEDIUM) by NIST with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, while IBM Corporation assessed it with a lower score of 3.7 (LOW) with vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. The vulnerability is classified under CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) (NVD Database).

Impact

The vulnerability could lead to the disclosure of sensitive email information when processing responses from offense rules in IBM QRadar SIEM. This represents a confidentiality breach that could expose sensitive data to unauthorized parties (IBM Advisory).

Mitigation and workarounds

IBM has released a security fix in version 7.5.0 UP7 IF04. Users are advised to update their IBM QRadar SIEM installations to this version to address the vulnerability (IBM Advisory).