Vulnerability DatabaseCVE-2024-56463

CVE-2024-56463:
IBM QRadar SIEM vulnerability analysis and mitigation

Overview

IBM QRadar SIEM 7.5 has been identified with a cross-site scripting vulnerability (CVE-2024-56463), discovered and disclosed in February 2025. This security flaw affects IBM QRadar SIEM versions 7.5 through 7.5.0 UP11, potentially compromising the web interface security (IBM Advisory, NVD).

Technical details

The vulnerability is classified as a cross-site scripting (XSS) issue, identified as CWE-79 (Improper Neutralization of Input During Web Page Generation). It has received a CVSS Base Score of 4.8 (Medium) with a vector string of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N, indicating a network-accessible vulnerability requiring high privileges and user interaction (IBM Advisory).

Impact

When exploited, this vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure within a trusted session. The impact is characterized by low confidentiality and integrity breaches, with no impact on availability (IBM Advisory).

Mitigation and workarounds

IBM has released a fix in version 7.5.0 UP11 IF01 and strongly encourages customers to update their systems promptly. No alternative workarounds or mitigations have been provided by IBM (IBM Advisory).