Vulnerability DatabaseCVE-2024-27269

CVE-2024-27269:
IBM QRadar SIEM vulnerability analysis and mitigation

Overview

IBM QRadar SIEM 7.5 contains a vulnerability that could allow a privileged user to configure user management in a way that would disclose unintended sensitive information across tenants (IBM Support, X-Force Exchange). The vulnerability was disclosed on May 14, 2024, and is tracked as CVE-2024-27269.

Technical details

The vulnerability has been assigned a CVSS v3.1 base score of 6.8 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N. This indicates that the vulnerability requires high privileges to exploit, but can be accessed over the network without user interaction. The vulnerability is classified under CWE-286 (Incorrect User Management) (IBM Support).

Impact

The primary impact of this vulnerability is the potential disclosure of sensitive information across tenants. While the vulnerability requires high privileges to exploit, it could lead to a significant breach of data confidentiality between different tenant environments (IBM Support).

Mitigation and workarounds

IBM has released security updates to address this vulnerability. Users of QRadar SIEM 7.5 should apply the latest patches and updates provided by IBM to mitigate this security issue (IBM Support).