Search criteria
370 vulnerabilities found for qradar_security_information_and_event_manager by ibm
CVE-2024-56464 (GCVE-0-2024-56464)
Vulnerability from nvd – Published: 2025-12-09 13:26 – Updated: 2025-12-09 14:36
VLAI?
Title
IBM QRadar SIEM is affected by an information disclosure vulnerability
Summary
IBM QRadar SIEM 7.5 - 7.5.0 UP14 IF01 is affected by an information disclosure vulnerability involving exposure of directory information. IBM has addressed this vulnerability in the latest update.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | IBM QRadar SIEM |
Affected:
7.5 , ≤ 7.5.0 UP14 IF01
(semver)
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:* cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_14:*:*:*:*:*:* |
Credits
John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, and Dawid Bak from the IBM Security Ethical Hacking Team.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56464",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T14:34:37.675906Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T14:36:32.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*",
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_14:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "IBM QRadar SIEM",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.0 UP14 IF01",
"status": "affected",
"version": "7.5",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, and Dawid Bak from the IBM Security Ethical Hacking Team."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM QRadar SIEM\u0026nbsp;7.5 - 7.5.0 UP14 IF01 is affected by an information disclosure vulnerability involving exposure of directory information. IBM has addressed this vulnerability in the latest update.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "IBM QRadar SIEM\u00a07.5 - 7.5.0 UP14 IF01 is affected by an information disclosure vulnerability involving exposure of directory information. IBM has addressed this vulnerability in the latest update."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-548",
"description": "CWE-548",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T13:26:15.979Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7253664"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cbr\u003eIBM encourages customers to update their systems promptly.\u003c/p\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eVersion\u003c/td\u003e\u003ctd\u003eFix\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM QRadar SIEM\u003c/td\u003e\u003ctd\u003e\u0026nbsp;7.5.0\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security\u0026amp;product=ibm/Other+software/IBM+Security+QRadar+Vulnerability+Manager\u0026amp;release=All\u0026amp;platform=All\u0026amp;function=fixId\u0026amp;fixids=7.5.0-QRADAR-QRSIEM-20251127135306INT\u0026amp;includeSupersedes=0\u0026amp;source=fc\"\u003eQRadar 7.5.0 UP14 IF02\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "IBM encourages customers to update their systems promptly.\n\nProductVersionFixIBM QRadar SIEM\u00a07.5.0 QRadar 7.5.0 UP14 IF02 https://www.ibm.com/support/fixcentral/swg/quickorder"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM QRadar SIEM is affected by an information disclosure vulnerability",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-56464",
"datePublished": "2025-12-09T13:26:15.979Z",
"dateReserved": "2024-12-26T12:50:20.773Z",
"dateUpdated": "2025-12-09T14:36:32.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-33119 (GCVE-0-2025-33119)
Vulnerability from nvd – Published: 2025-11-12 21:19 – Updated: 2025-11-13 15:03
VLAI?
Title
IBM QRadar SIEM Information Disclosure
Summary
IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in configuration files in source control which can be read by an authenticated user.
Severity ?
6.5 (Medium)
CWE
- CWE-260 - Password in Configuration File
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | QRadar Security Information and Event Management |
Affected:
7.5 , ≤ 7.5.0 UP14
(semver)
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:* cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_14:*:*:*:*:*:* |
Credits
Acknowledgement John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, and Dawid Bak from the IBM Security Ethical Hacking Team.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33119",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T15:03:09.997337Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T15:03:22.671Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*",
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_14:*:*:*:*:*:*"
],
"product": "QRadar Security Information and Event Management",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.0 UP14",
"status": "affected",
"version": "7.5",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Acknowledgement John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, and Dawid Bak from the IBM Security Ethical Hacking Team."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in configuration files in source control which can be read by an authenticated user.\u003c/p\u003e"
}
],
"value": "IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in configuration files in source control which can be read by an authenticated user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-260",
"description": "CWE-260 Password in Configuration File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T21:22:06.391Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7250932"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes IBM encourages customers to update their systems promptly. Product Version Fix IBM QRadar SIEM 7.5.0 QRadar 7.5.0 UP14 IF01\u003c/p\u003e"
}
],
"value": "Remediation/Fixes IBM encourages customers to update their systems promptly. Product Version Fix IBM QRadar SIEM 7.5.0 QRadar 7.5.0 UP14 IF01"
}
],
"title": "IBM QRadar SIEM Information Disclosure",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33119",
"datePublished": "2025-11-12T21:19:55.966Z",
"dateReserved": "2025-04-15T17:50:56.613Z",
"dateUpdated": "2025-11-13T15:03:22.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36170 (GCVE-0-2025-36170)
Vulnerability from nvd – Published: 2025-10-27 18:46 – Updated: 2025-10-27 19:32
VLAI?
Title
IBM QRadar SIEM cross-site scripting
Summary
IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | QRadar SIEM |
Affected:
7.5.0 , ≤ 7.5.0 Update Pack 13
(semver)
|
Credits
Fahimhusain Raydurg
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36170",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T19:32:08.320199Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T19:32:23.075Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QRadar SIEM",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.0 Update Pack 13",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:qradar_siem:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.5.0:update_pack_13",
"versionStartIncluding": "7.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Fahimhusain Raydurg"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"value": "IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T18:46:38.109Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7249278"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM QRadar SIEM cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36170",
"datePublished": "2025-10-27T18:46:38.109Z",
"dateReserved": "2025-04-15T21:16:22.577Z",
"dateUpdated": "2025-10-27T19:32:23.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36138 (GCVE-0-2025-36138)
Vulnerability from nvd – Published: 2025-10-27 18:47 – Updated: 2025-10-27 19:27
VLAI?
Title
IBM QRadar SIEM cross-site scripting
Summary
IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | QRadar SIEM |
Affected:
7.5.0 , ≤ 7.5.0 Update Pack 13
(semver)
|
Credits
Fahimhusain Raydurg
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36138",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T19:26:53.241316Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T19:27:11.083Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QRadar SIEM",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.0 Update Pack 13",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:qradar_siem:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.5.0:update_pack_13",
"versionStartIncluding": "7.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Fahimhusain Raydurg"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"value": "IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T18:47:11.153Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7249278"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM QRadar SIEM cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36138",
"datePublished": "2025-10-27T18:47:11.153Z",
"dateReserved": "2025-04-15T21:16:19.008Z",
"dateUpdated": "2025-10-27T19:27:11.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36007 (GCVE-0-2025-36007)
Vulnerability from nvd – Published: 2025-10-27 18:40 – Updated: 2025-10-28 03:56
VLAI?
Title
IBM QRadar SIEM incorrect privilege assignment
Summary
IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to privilege escalation due to improper privilege assignment to an update script.
Severity ?
7.8 (High)
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | QRadar SIEM |
Affected:
7.5.0 , ≤ 7.5.0 UP13 IF02
(semver)
|
Credits
John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed,Dawid Bak
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36007",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-28T03:56:06.382Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QRadar SIEM",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.0 UP13 IF02",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:qradar_siem:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.5.0:update_pack_13",
"versionStartIncluding": "7.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed,Dawid Bak"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to privilege escalation due to improper privilege assignment to an update script."
}
],
"value": "IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to privilege escalation due to improper privilege assignment to an update script."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T18:40:16.046Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7249277"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM encourages customers to update their systems promptly.\u003cbr\u003e\u003cbr\u003eProduct Version Fix\u003cbr\u003eIBM QRadar SIEM \u0026nbsp; 7.5.0 QRadar 7.5.0 UP14\u003cbr\u003e"
}
],
"value": "IBM encourages customers to update their systems promptly.\n\nProduct Version Fix\nIBM QRadar SIEM \u00a0 7.5.0 QRadar 7.5.0 UP14"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM QRadar SIEM incorrect privilege assignment",
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36007",
"datePublished": "2025-10-27T18:40:16.046Z",
"dateReserved": "2025-04-15T21:16:05.533Z",
"dateUpdated": "2025-10-28T03:56:06.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0164 (GCVE-0-2025-0164)
Vulnerability from nvd – Published: 2025-09-14 12:57 – Updated: 2025-09-15 15:59
VLAI?
Title
IBM QRadar SIEM information disclosure
Summary
IBM QRadar SIEM 7.5 through 7.5 Update Pack 13 Independent Fix 01 could allow a local privileged user to perform unauthorized actions on configuration files due to improper permission assignment.
Severity ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | QRadar SIEM |
Affected:
7.5 , ≤ 7.5.0 UP13 IF01
(semver)
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:* cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_13:*:*:*:*:*:* |
Credits
John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0164",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-15T15:59:14.119003Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T15:59:20.829Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*",
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_13:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "QRadar SIEM",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.0 UP13 IF01",
"status": "affected",
"version": "7.5",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM QRadar SIEM 7.5 through 7.5 Update Pack 13 Independent Fix 01 could allow a local privileged user to perform unauthorized actions on configuration files due to improper permission assignment."
}
],
"value": "IBM QRadar SIEM 7.5 through 7.5 Update Pack 13 Independent Fix 01 could allow a local privileged user to perform unauthorized actions on configuration files due to improper permission assignment."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-14T12:57:32.490Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7244784"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM encourages customers to update their systems promptly.\u003c/p\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eVersion\u003c/td\u003e\u003ctd\u003eFix\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM QRadar SIEM\u003c/td\u003e\u003ctd\u003e\u0026nbsp;7.5.0\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?fixids=7.5.0-QRADAR-QRSIEM-20250904123850INT\u0026amp;product=ibm%2FOther%20software%2FIBM%20Security%20QRadar%20SIEM\u0026amp;source=dbluesearch\u0026amp;mhsrc=ibmsearch_a\u0026amp;mhq=UpdatePackage%2013%20Interim%20Fix%2002\u0026amp;function=fixId\u0026amp;parent=IBM%20Security\"\u003eQRadar 7.5.0 UP13 IF02\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM encourages customers to update their systems promptly.\n\nProductVersionFixIBM QRadar SIEM\u00a07.5.0 QRadar 7.5.0 UP13 IF02 https://www.ibm.com/support/fixcentral/swg/selectFixes"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM QRadar SIEM information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-0164",
"datePublished": "2025-09-14T12:57:32.490Z",
"dateReserved": "2024-12-31T19:09:15.856Z",
"dateUpdated": "2025-09-15T15:59:20.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36042 (GCVE-0-2025-36042)
Vulnerability from nvd – Published: 2025-08-22 14:55 – Updated: 2025-08-22 15:05
VLAI?
Title
IBM QRadar SIEM cross-site scripting
Summary
IBM QRadar SIEM 7.5 through 7.5.0 Dashboard is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | QRadar SIEM |
Affected:
7.5 , ≤ 7.5.0 Update Pack 13
(semver)
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:* cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_13:*:*:*:*:*:* |
Credits
John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36042",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-22T15:04:58.211621Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T15:05:10.392Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*",
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_13:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "QRadar SIEM",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.0 Update Pack 13",
"status": "affected",
"version": "7.5",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM QRadar SIEM 7.5 through 7.5.0\u0026nbsp;Dashboard is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"value": "IBM QRadar SIEM 7.5 through 7.5.0\u00a0Dashboard is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T14:55:01.862Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7242869"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM encourages customers to update their systems promptly.\u003c/p\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eVersion\u003c/td\u003e\u003ctd\u003eFix\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM QRadar SIEM\u003c/td\u003e\u003ctd\u003e\u0026nbsp;7.5.0\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?fixids=7.5.0-QRADAR-QRSIEM-20250819010639INT\u0026amp;product=ibm%2FOther%20software%2FIBM%20QRadar%20Network%20Insights\u0026amp;source=dbluesearch\u0026amp;mhsrc=ibmsearch_a\u0026amp;mhq=UpdatePackage%2013%20Interim%20Fix%2003\u0026amp;function=fixId\u0026amp;parent=IBM%20Security\"\u003eQRadar 7.5.0 UP13 IF01\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eQRadar Incident Forensics\u003c/td\u003e\u003ctd\u003e\u0026nbsp;7.5.0\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?fixids=7.5.0-QRADAR-QIFSFS-20250819010639INT\u0026amp;product=ibm%2FOther%20software%2FIBM%20Security%20QRadar%20Incident%20Forensics\u0026amp;source=dbluesearch\u0026amp;mhsrc=ibmsearch_a\u0026amp;mhq=UpdatePackage%2013%20Interim%20Fix%2003\u0026amp;function=fixId\u0026amp;parent=IBM%20Security\"\u003eQIF 7.5.0 UP13 IF01\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM encourages customers to update their systems promptly.\n\nProductVersionFixIBM QRadar SIEM\u00a07.5.0 QRadar 7.5.0 UP13 IF01 https://www.ibm.com/support/fixcentral/swg/selectFixes QRadar Incident Forensics\u00a07.5.0 QIF 7.5.0 UP13 IF01 https://www.ibm.com/support/fixcentral/swg/selectFixes"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM QRadar SIEM cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36042",
"datePublished": "2025-08-22T14:55:01.862Z",
"dateReserved": "2025-04-15T21:16:10.568Z",
"dateUpdated": "2025-08-22T15:05:10.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-33120 (GCVE-0-2025-33120)
Vulnerability from nvd – Published: 2025-08-22 14:54 – Updated: 2025-08-23 03:55
VLAI?
Title
IBM QRadar SIEM privilege escalation
Summary
IBM QRadar SIEM 7.5 through 7.5.0 UP13 could allow an authenticated user to escalate their privileges via a misconfigured cronjob due to execution with unnecessary privileges.
Severity ?
7.8 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | QRadar SIEM |
Affected:
7.5 , ≤ 7.5.0 Update Pack 13
(semver)
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:* cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_13:*:*:*:*:*:* |
Credits
John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33120",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-22T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-23T03:55:11.148Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*",
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_13:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "QRadar SIEM",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.0 Update Pack 13",
"status": "affected",
"version": "7.5",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM QRadar SIEM 7.5 through 7.5.0 UP13 could allow an authenticated user to escalate their privileges via a misconfigured cronjob due to execution with unnecessary privileges."
}
],
"value": "IBM QRadar SIEM 7.5 through 7.5.0 UP13 could allow an authenticated user to escalate their privileges via a misconfigured cronjob due to execution with unnecessary privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T14:54:02.504Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7242869"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM encourages customers to update their systems promptly.\u003c/p\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eVersion\u003c/td\u003e\u003ctd\u003eFix\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM QRadar SIEM\u003c/td\u003e\u003ctd\u003e\u0026nbsp;7.5.0\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?fixids=7.5.0-QRADAR-QRSIEM-20250819010639INT\u0026amp;product=ibm%2FOther%20software%2FIBM%20QRadar%20Network%20Insights\u0026amp;source=dbluesearch\u0026amp;mhsrc=ibmsearch_a\u0026amp;mhq=UpdatePackage%2013%20Interim%20Fix%2003\u0026amp;function=fixId\u0026amp;parent=IBM%20Security\"\u003eQRadar 7.5.0 UP13 IF01\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eQRadar Incident Forensics\u003c/td\u003e\u003ctd\u003e\u0026nbsp;7.5.0\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?fixids=7.5.0-QRADAR-QIFSFS-20250819010639INT\u0026amp;product=ibm%2FOther%20software%2FIBM%20Security%20QRadar%20Incident%20Forensics\u0026amp;source=dbluesearch\u0026amp;mhsrc=ibmsearch_a\u0026amp;mhq=UpdatePackage%2013%20Interim%20Fix%2003\u0026amp;function=fixId\u0026amp;parent=IBM%20Security\"\u003eQIF 7.5.0 UP13 IF01\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM encourages customers to update their systems promptly.\n\nProductVersionFixIBM QRadar SIEM\u00a07.5.0 QRadar 7.5.0 UP13 IF01 https://www.ibm.com/support/fixcentral/swg/selectFixes QRadar Incident Forensics\u00a07.5.0 QIF 7.5.0 UP13 IF01 https://www.ibm.com/support/fixcentral/swg/selectFixes"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM QRadar SIEM privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33120",
"datePublished": "2025-08-22T14:54:02.504Z",
"dateReserved": "2025-04-15T17:50:56.613Z",
"dateUpdated": "2025-08-23T03:55:11.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-33118 (GCVE-0-2025-33118)
Vulnerability from nvd – Published: 2025-08-01 17:21 – Updated: 2025-08-01 17:34
VLAI?
Title
IBM QRadar SIEM cross-site scripting
Summary
IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 12 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | QRadar SIEM |
Affected:
7.5 , ≤ 7.5.0 Update Pack 12
(semver)
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:* cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_12:*:*:*:*:*:* |
Credits
John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33118",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-01T17:33:51.604218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-01T17:34:02.243Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*",
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_12:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "QRadar SIEM",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.0 Update Pack 12",
"status": "affected",
"version": "7.5",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 12 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"value": "IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 12 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-01T17:21:16.808Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7241303"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM encourages customers to update their systems promptly.\u003cbr\u003e\u003cbr\u003eProduct Version Fix\u003cbr\u003eIBM QRadar SIEM \u0026nbsp; 7.5.0 QRadar 7.5.0 UP13\u003cbr\u003eQRadar Incident Forensics \u0026nbsp; 7.5.0 QIF 7.5.0 UP13\u003cbr\u003e"
}
],
"value": "IBM encourages customers to update their systems promptly.\n\nProduct Version Fix\nIBM QRadar SIEM \u00a0 7.5.0 QRadar 7.5.0 UP13\nQRadar Incident Forensics \u00a0 7.5.0 QIF 7.5.0 UP13"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM QRadar SIEM cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33118",
"datePublished": "2025-08-01T17:21:16.808Z",
"dateReserved": "2025-04-15T17:50:56.613Z",
"dateUpdated": "2025-08-01T17:34:02.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-33097 (GCVE-0-2025-33097)
Vulnerability from nvd – Published: 2025-07-15 14:29 – Updated: 2025-08-18 01:34
VLAI?
Title
IBM QRadar SIEM cross-site scripting
Summary
IBM QRadar SIEM 7.5 - 7.5.0 UP12 IF02 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
6.4 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | QRadar SIEM |
Affected:
7.5, , ≤ 7.5.0 Update Pack 12
(semver)
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:* cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_12:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33097",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-15T14:45:11.509205Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-15T14:45:18.187Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*",
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_12:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "QRadar SIEM",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.0 Update Pack 12",
"status": "affected",
"version": "7.5,",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM QRadar SIEM 7.5 - 7.5.0 UP12 IF02 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"value": "IBM QRadar SIEM 7.5 - 7.5.0 UP12 IF02 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T01:34:37.793Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7239755"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade IBM QRadar SIEM to 7.5.0 UP12 IF03.\u003cbr\u003e"
}
],
"value": "Upgrade IBM QRadar SIEM to 7.5.0 UP12 IF03."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM QRadar SIEM cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33097",
"datePublished": "2025-07-15T14:29:54.224Z",
"dateReserved": "2025-04-15T17:50:40.773Z",
"dateUpdated": "2025-08-18T01:34:37.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36050 (GCVE-0-2025-36050)
Vulnerability from nvd – Published: 2025-06-19 17:13 – Updated: 2025-08-26 14:52
VLAI?
Title
IBM QRadar SIEM information disclosure
Summary
IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 stores potentially sensitive information in log files that could be read by a local user.
Severity ?
6.2 (Medium)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | QRadar SIEM |
Affected:
7.5 , ≤ 7.5.0 Update Pack 12
(semver)
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:* cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_12:*:*:*:*:*:* |
Credits
John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36050",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-20T12:57:48.937181Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T13:11:05.138Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*",
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_12:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "QRadar SIEM",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.0 Update Pack 12",
"status": "affected",
"version": "7.5",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 stores potentially sensitive information in log files that could be read by a local user."
}
],
"value": "IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 stores potentially sensitive information in log files that could be read by a local user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T14:52:33.272Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7237317"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM encourages customers to update their systems promptly.\u003cbr\u003e\u003cbr\u003eIBM QRadar SIEM \u0026nbsp; 7.5.0 QRadar 7.5.0 UP12 IF02\u003cbr\u003e"
}
],
"value": "IBM encourages customers to update their systems promptly.\n\nIBM QRadar SIEM \u00a0 7.5.0 QRadar 7.5.0 UP12 IF02"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "IBM QRadar SIEM information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36050",
"datePublished": "2025-06-19T17:13:40.753Z",
"dateReserved": "2025-04-15T21:16:11.324Z",
"dateUpdated": "2025-08-26T14:52:33.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-33121 (GCVE-0-2025-33121)
Vulnerability from nvd – Published: 2025-06-19 17:14 – Updated: 2025-08-24 11:45
VLAI?
Title
IBM QRadar SIEM XML external entity injection
Summary
IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
Severity ?
7.1 (High)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | QRadar SIEM |
Affected:
7.5 , ≤ 7.5.0 Update Pack 12
(semver)
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:* cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_12:*:*:*:*:*:* |
Credits
John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33121",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-20T12:57:46.925353Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T13:10:58.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*",
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_12:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "QRadar SIEM",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.0 Update Pack 12",
"status": "affected",
"version": "7.5",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources."
}
],
"value": "IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:45:56.274Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7237317"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM encourages customers to update their systems promptly.\u003cbr\u003e\u003cbr\u003eIBM QRadar SIEM \u0026nbsp; 7.5.0 QRadar 7.5.0 UP12 IF02\u003cbr\u003e"
}
],
"value": "IBM encourages customers to update their systems promptly.\n\nIBM QRadar SIEM \u00a0 7.5.0 QRadar 7.5.0 UP12 IF02"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "IBM QRadar SIEM XML external entity injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33121",
"datePublished": "2025-06-19T17:14:42.786Z",
"dateReserved": "2025-04-15T17:50:56.613Z",
"dateUpdated": "2025-08-24T11:45:56.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-33117 (GCVE-0-2025-33117)
Vulnerability from nvd – Published: 2025-06-19 17:16 – Updated: 2025-08-24 11:46
VLAI?
Title
IBM QRadar SIEM command execution
Summary
IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 could allow a privileged user to modify configuration files that would allow the upload of a malicious autoupdate file to execute arbitrary commands.
Severity ?
9.1 (Critical)
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | QRadar SIEM |
Affected:
7.5 , ≤ 7.5.0 Update Pack 12
(semver)
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:* cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_12:*:*:*:*:*:* |
Credits
John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33117",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T03:55:34.441Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*",
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_12:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "QRadar SIEM",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.0 Update Pack 12",
"status": "affected",
"version": "7.5",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 could allow a privileged user to modify configuration files that would allow the upload of a malicious autoupdate file to execute arbitrary commands."
}
],
"value": "IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 could allow a privileged user to modify configuration files that would allow the upload of a malicious autoupdate file to execute arbitrary commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:46:22.642Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7237317"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM encourages customers to update their systems promptly.\u003cbr\u003e\u003cbr\u003eIBM QRadar SIEM \u0026nbsp; 7.5.0 QRadar 7.5.0 UP12 IF02\u003cbr\u003e"
}
],
"value": "IBM encourages customers to update their systems promptly.\n\nIBM QRadar SIEM \u00a0 7.5.0 QRadar 7.5.0 UP12 IF02"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "IBM QRadar SIEM command execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33117",
"datePublished": "2025-06-19T17:16:41.195Z",
"dateReserved": "2025-04-15T17:50:56.613Z",
"dateUpdated": "2025-08-24T11:46:22.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-56463 (GCVE-0-2024-56463)
Vulnerability from nvd – Published: 2025-02-14 16:14 – Updated: 2025-08-25 22:33
VLAI?
Title
IBM QRadar SIEM cross-site scripting
Summary
IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
4.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | QRadar SIEM |
Affected:
7.5 , ≤ 7.5.0 UP11
(semver)
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:* cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_11:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56463",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-14T16:46:24.456612Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-14T16:46:30.332Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*",
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_11:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "QRadar SIEM",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.0 UP11",
"status": "affected",
"version": "7.5",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"value": "IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T22:33:35.220Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7183251"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM QRadar SIEM cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-56463",
"datePublished": "2025-02-14T16:14:40.232Z",
"dateReserved": "2024-12-26T12:50:20.772Z",
"dateUpdated": "2025-08-25T22:33:35.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28786 (GCVE-0-2024-28786)
Vulnerability from nvd – Published: 2025-01-27 23:36 – Updated: 2025-01-28 15:18
VLAI?
Title
IBM QRadar SIEM information disclosure
Summary
IBM QRadar SIEM 7.5 transmits sensitive or security-critical data in cleartext in a communication channel that could be obtained by an unauthorized actor using man in the middle techniques.
Severity ?
6.5 (Medium)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | QRadar SIEM |
Affected:
7.5
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28786",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T14:53:25.870086Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T15:18:25.774Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "QRadar SIEM",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM QRadar SIEM 7.5 transmits sensitive or security-critical data in cleartext in a communication channel that could be obtained by an unauthorized actor using man in the middle techniques."
}
],
"value": "IBM QRadar SIEM 7.5 transmits sensitive or security-critical data in cleartext in a communication channel that could be obtained by an unauthorized actor using man in the middle techniques."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T23:36:08.015Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7173420"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM QRadar SIEM information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-28786",
"datePublished": "2025-01-27T23:36:08.015Z",
"dateReserved": "2024-03-10T12:23:24.002Z",
"dateUpdated": "2025-01-28T15:18:25.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-56464 (GCVE-0-2024-56464)
Vulnerability from cvelistv5 – Published: 2025-12-09 13:26 – Updated: 2025-12-09 14:36
VLAI?
Title
IBM QRadar SIEM is affected by an information disclosure vulnerability
Summary
IBM QRadar SIEM 7.5 - 7.5.0 UP14 IF01 is affected by an information disclosure vulnerability involving exposure of directory information. IBM has addressed this vulnerability in the latest update.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | IBM QRadar SIEM |
Affected:
7.5 , ≤ 7.5.0 UP14 IF01
(semver)
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:* cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_14:*:*:*:*:*:* |
Credits
John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, and Dawid Bak from the IBM Security Ethical Hacking Team.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56464",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-09T14:34:37.675906Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T14:36:32.867Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*",
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_14:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "IBM QRadar SIEM",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.0 UP14 IF01",
"status": "affected",
"version": "7.5",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, and Dawid Bak from the IBM Security Ethical Hacking Team."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM QRadar SIEM\u0026nbsp;7.5 - 7.5.0 UP14 IF01 is affected by an information disclosure vulnerability involving exposure of directory information. IBM has addressed this vulnerability in the latest update.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "IBM QRadar SIEM\u00a07.5 - 7.5.0 UP14 IF01 is affected by an information disclosure vulnerability involving exposure of directory information. IBM has addressed this vulnerability in the latest update."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-548",
"description": "CWE-548",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-09T13:26:15.979Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7253664"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cbr\u003eIBM encourages customers to update their systems promptly.\u003c/p\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eVersion\u003c/td\u003e\u003ctd\u003eFix\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM QRadar SIEM\u003c/td\u003e\u003ctd\u003e\u0026nbsp;7.5.0\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security\u0026amp;product=ibm/Other+software/IBM+Security+QRadar+Vulnerability+Manager\u0026amp;release=All\u0026amp;platform=All\u0026amp;function=fixId\u0026amp;fixids=7.5.0-QRADAR-QRSIEM-20251127135306INT\u0026amp;includeSupersedes=0\u0026amp;source=fc\"\u003eQRadar 7.5.0 UP14 IF02\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003cbr\u003e"
}
],
"value": "IBM encourages customers to update their systems promptly.\n\nProductVersionFixIBM QRadar SIEM\u00a07.5.0 QRadar 7.5.0 UP14 IF02 https://www.ibm.com/support/fixcentral/swg/quickorder"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM QRadar SIEM is affected by an information disclosure vulnerability",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-56464",
"datePublished": "2025-12-09T13:26:15.979Z",
"dateReserved": "2024-12-26T12:50:20.773Z",
"dateUpdated": "2025-12-09T14:36:32.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-33119 (GCVE-0-2025-33119)
Vulnerability from cvelistv5 – Published: 2025-11-12 21:19 – Updated: 2025-11-13 15:03
VLAI?
Title
IBM QRadar SIEM Information Disclosure
Summary
IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in configuration files in source control which can be read by an authenticated user.
Severity ?
6.5 (Medium)
CWE
- CWE-260 - Password in Configuration File
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | QRadar Security Information and Event Management |
Affected:
7.5 , ≤ 7.5.0 UP14
(semver)
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:* cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_14:*:*:*:*:*:* |
Credits
Acknowledgement John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, and Dawid Bak from the IBM Security Ethical Hacking Team.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33119",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-13T15:03:09.997337Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-13T15:03:22.671Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*",
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_14:*:*:*:*:*:*"
],
"product": "QRadar Security Information and Event Management",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.0 UP14",
"status": "affected",
"version": "7.5",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Acknowledgement John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, and Dawid Bak from the IBM Security Ethical Hacking Team."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in configuration files in source control which can be read by an authenticated user.\u003c/p\u003e"
}
],
"value": "IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in configuration files in source control which can be read by an authenticated user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-260",
"description": "CWE-260 Password in Configuration File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T21:22:06.391Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7250932"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eRemediation/Fixes IBM encourages customers to update their systems promptly. Product Version Fix IBM QRadar SIEM 7.5.0 QRadar 7.5.0 UP14 IF01\u003c/p\u003e"
}
],
"value": "Remediation/Fixes IBM encourages customers to update their systems promptly. Product Version Fix IBM QRadar SIEM 7.5.0 QRadar 7.5.0 UP14 IF01"
}
],
"title": "IBM QRadar SIEM Information Disclosure",
"x_generator": {
"engine": "ibm-cvegen"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33119",
"datePublished": "2025-11-12T21:19:55.966Z",
"dateReserved": "2025-04-15T17:50:56.613Z",
"dateUpdated": "2025-11-13T15:03:22.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-36138 (GCVE-0-2025-36138)
Vulnerability from cvelistv5 – Published: 2025-10-27 18:47 – Updated: 2025-10-27 19:27
VLAI?
Title
IBM QRadar SIEM cross-site scripting
Summary
IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | QRadar SIEM |
Affected:
7.5.0 , ≤ 7.5.0 Update Pack 13
(semver)
|
Credits
Fahimhusain Raydurg
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36138",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T19:26:53.241316Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T19:27:11.083Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QRadar SIEM",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.0 Update Pack 13",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:qradar_siem:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.5.0:update_pack_13",
"versionStartIncluding": "7.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Fahimhusain Raydurg"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"value": "IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T18:47:11.153Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7249278"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM QRadar SIEM cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36138",
"datePublished": "2025-10-27T18:47:11.153Z",
"dateReserved": "2025-04-15T21:16:19.008Z",
"dateUpdated": "2025-10-27T19:27:11.083Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36170 (GCVE-0-2025-36170)
Vulnerability from cvelistv5 – Published: 2025-10-27 18:46 – Updated: 2025-10-27 19:32
VLAI?
Title
IBM QRadar SIEM cross-site scripting
Summary
IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | QRadar SIEM |
Affected:
7.5.0 , ≤ 7.5.0 Update Pack 13
(semver)
|
Credits
Fahimhusain Raydurg
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36170",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T19:32:08.320199Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T19:32:23.075Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QRadar SIEM",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.0 Update Pack 13",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:qradar_siem:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.5.0:update_pack_13",
"versionStartIncluding": "7.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Fahimhusain Raydurg"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"value": "IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T18:46:38.109Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7249278"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM QRadar SIEM cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36170",
"datePublished": "2025-10-27T18:46:38.109Z",
"dateReserved": "2025-04-15T21:16:22.577Z",
"dateUpdated": "2025-10-27T19:32:23.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36007 (GCVE-0-2025-36007)
Vulnerability from cvelistv5 – Published: 2025-10-27 18:40 – Updated: 2025-10-28 03:56
VLAI?
Title
IBM QRadar SIEM incorrect privilege assignment
Summary
IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to privilege escalation due to improper privilege assignment to an update script.
Severity ?
7.8 (High)
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | QRadar SIEM |
Affected:
7.5.0 , ≤ 7.5.0 UP13 IF02
(semver)
|
Credits
John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed,Dawid Bak
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36007",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-27T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-28T03:56:06.382Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "QRadar SIEM",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.0 UP13 IF02",
"status": "affected",
"version": "7.5.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:qradar_siem:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.5.0:update_pack_13",
"versionStartIncluding": "7.5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed,Dawid Bak"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to privilege escalation due to improper privilege assignment to an update script."
}
],
"value": "IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to privilege escalation due to improper privilege assignment to an update script."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-27T18:40:16.046Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7249277"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM encourages customers to update their systems promptly.\u003cbr\u003e\u003cbr\u003eProduct Version Fix\u003cbr\u003eIBM QRadar SIEM \u0026nbsp; 7.5.0 QRadar 7.5.0 UP14\u003cbr\u003e"
}
],
"value": "IBM encourages customers to update their systems promptly.\n\nProduct Version Fix\nIBM QRadar SIEM \u00a0 7.5.0 QRadar 7.5.0 UP14"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM QRadar SIEM incorrect privilege assignment",
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36007",
"datePublished": "2025-10-27T18:40:16.046Z",
"dateReserved": "2025-04-15T21:16:05.533Z",
"dateUpdated": "2025-10-28T03:56:06.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0164 (GCVE-0-2025-0164)
Vulnerability from cvelistv5 – Published: 2025-09-14 12:57 – Updated: 2025-09-15 15:59
VLAI?
Title
IBM QRadar SIEM information disclosure
Summary
IBM QRadar SIEM 7.5 through 7.5 Update Pack 13 Independent Fix 01 could allow a local privileged user to perform unauthorized actions on configuration files due to improper permission assignment.
Severity ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | QRadar SIEM |
Affected:
7.5 , ≤ 7.5.0 UP13 IF01
(semver)
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:* cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_13:*:*:*:*:*:* |
Credits
John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0164",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-15T15:59:14.119003Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-15T15:59:20.829Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*",
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_13:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "QRadar SIEM",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.0 UP13 IF01",
"status": "affected",
"version": "7.5",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM QRadar SIEM 7.5 through 7.5 Update Pack 13 Independent Fix 01 could allow a local privileged user to perform unauthorized actions on configuration files due to improper permission assignment."
}
],
"value": "IBM QRadar SIEM 7.5 through 7.5 Update Pack 13 Independent Fix 01 could allow a local privileged user to perform unauthorized actions on configuration files due to improper permission assignment."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-14T12:57:32.490Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7244784"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM encourages customers to update their systems promptly.\u003c/p\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eVersion\u003c/td\u003e\u003ctd\u003eFix\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM QRadar SIEM\u003c/td\u003e\u003ctd\u003e\u0026nbsp;7.5.0\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?fixids=7.5.0-QRADAR-QRSIEM-20250904123850INT\u0026amp;product=ibm%2FOther%20software%2FIBM%20Security%20QRadar%20SIEM\u0026amp;source=dbluesearch\u0026amp;mhsrc=ibmsearch_a\u0026amp;mhq=UpdatePackage%2013%20Interim%20Fix%2002\u0026amp;function=fixId\u0026amp;parent=IBM%20Security\"\u003eQRadar 7.5.0 UP13 IF02\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM encourages customers to update their systems promptly.\n\nProductVersionFixIBM QRadar SIEM\u00a07.5.0 QRadar 7.5.0 UP13 IF02 https://www.ibm.com/support/fixcentral/swg/selectFixes"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM QRadar SIEM information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-0164",
"datePublished": "2025-09-14T12:57:32.490Z",
"dateReserved": "2024-12-31T19:09:15.856Z",
"dateUpdated": "2025-09-15T15:59:20.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36042 (GCVE-0-2025-36042)
Vulnerability from cvelistv5 – Published: 2025-08-22 14:55 – Updated: 2025-08-22 15:05
VLAI?
Title
IBM QRadar SIEM cross-site scripting
Summary
IBM QRadar SIEM 7.5 through 7.5.0 Dashboard is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | QRadar SIEM |
Affected:
7.5 , ≤ 7.5.0 Update Pack 13
(semver)
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:* cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_13:*:*:*:*:*:* |
Credits
John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36042",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-22T15:04:58.211621Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T15:05:10.392Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*",
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_13:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "QRadar SIEM",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.0 Update Pack 13",
"status": "affected",
"version": "7.5",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM QRadar SIEM 7.5 through 7.5.0\u0026nbsp;Dashboard is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"value": "IBM QRadar SIEM 7.5 through 7.5.0\u00a0Dashboard is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T14:55:01.862Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7242869"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM encourages customers to update their systems promptly.\u003c/p\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eVersion\u003c/td\u003e\u003ctd\u003eFix\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM QRadar SIEM\u003c/td\u003e\u003ctd\u003e\u0026nbsp;7.5.0\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?fixids=7.5.0-QRADAR-QRSIEM-20250819010639INT\u0026amp;product=ibm%2FOther%20software%2FIBM%20QRadar%20Network%20Insights\u0026amp;source=dbluesearch\u0026amp;mhsrc=ibmsearch_a\u0026amp;mhq=UpdatePackage%2013%20Interim%20Fix%2003\u0026amp;function=fixId\u0026amp;parent=IBM%20Security\"\u003eQRadar 7.5.0 UP13 IF01\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eQRadar Incident Forensics\u003c/td\u003e\u003ctd\u003e\u0026nbsp;7.5.0\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?fixids=7.5.0-QRADAR-QIFSFS-20250819010639INT\u0026amp;product=ibm%2FOther%20software%2FIBM%20Security%20QRadar%20Incident%20Forensics\u0026amp;source=dbluesearch\u0026amp;mhsrc=ibmsearch_a\u0026amp;mhq=UpdatePackage%2013%20Interim%20Fix%2003\u0026amp;function=fixId\u0026amp;parent=IBM%20Security\"\u003eQIF 7.5.0 UP13 IF01\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM encourages customers to update their systems promptly.\n\nProductVersionFixIBM QRadar SIEM\u00a07.5.0 QRadar 7.5.0 UP13 IF01 https://www.ibm.com/support/fixcentral/swg/selectFixes QRadar Incident Forensics\u00a07.5.0 QIF 7.5.0 UP13 IF01 https://www.ibm.com/support/fixcentral/swg/selectFixes"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM QRadar SIEM cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36042",
"datePublished": "2025-08-22T14:55:01.862Z",
"dateReserved": "2025-04-15T21:16:10.568Z",
"dateUpdated": "2025-08-22T15:05:10.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-33120 (GCVE-0-2025-33120)
Vulnerability from cvelistv5 – Published: 2025-08-22 14:54 – Updated: 2025-08-23 03:55
VLAI?
Title
IBM QRadar SIEM privilege escalation
Summary
IBM QRadar SIEM 7.5 through 7.5.0 UP13 could allow an authenticated user to escalate their privileges via a misconfigured cronjob due to execution with unnecessary privileges.
Severity ?
7.8 (High)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | QRadar SIEM |
Affected:
7.5 , ≤ 7.5.0 Update Pack 13
(semver)
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:* cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_13:*:*:*:*:*:* |
Credits
John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33120",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-22T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-23T03:55:11.148Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*",
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_13:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "QRadar SIEM",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.0 Update Pack 13",
"status": "affected",
"version": "7.5",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM QRadar SIEM 7.5 through 7.5.0 UP13 could allow an authenticated user to escalate their privileges via a misconfigured cronjob due to execution with unnecessary privileges."
}
],
"value": "IBM QRadar SIEM 7.5 through 7.5.0 UP13 could allow an authenticated user to escalate their privileges via a misconfigured cronjob due to execution with unnecessary privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-22T14:54:02.504Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7242869"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIBM encourages customers to update their systems promptly.\u003c/p\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eProduct\u003c/td\u003e\u003ctd\u003eVersion\u003c/td\u003e\u003ctd\u003eFix\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eIBM QRadar SIEM\u003c/td\u003e\u003ctd\u003e\u0026nbsp;7.5.0\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?fixids=7.5.0-QRADAR-QRSIEM-20250819010639INT\u0026amp;product=ibm%2FOther%20software%2FIBM%20QRadar%20Network%20Insights\u0026amp;source=dbluesearch\u0026amp;mhsrc=ibmsearch_a\u0026amp;mhq=UpdatePackage%2013%20Interim%20Fix%2003\u0026amp;function=fixId\u0026amp;parent=IBM%20Security\"\u003eQRadar 7.5.0 UP13 IF01\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eQRadar Incident Forensics\u003c/td\u003e\u003ctd\u003e\u0026nbsp;7.5.0\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.ibm.com/support/fixcentral/swg/selectFixes?fixids=7.5.0-QRADAR-QIFSFS-20250819010639INT\u0026amp;product=ibm%2FOther%20software%2FIBM%20Security%20QRadar%20Incident%20Forensics\u0026amp;source=dbluesearch\u0026amp;mhsrc=ibmsearch_a\u0026amp;mhq=UpdatePackage%2013%20Interim%20Fix%2003\u0026amp;function=fixId\u0026amp;parent=IBM%20Security\"\u003eQIF 7.5.0 UP13 IF01\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\u003c/div\u003e\n\n\u003cbr\u003e"
}
],
"value": "IBM encourages customers to update their systems promptly.\n\nProductVersionFixIBM QRadar SIEM\u00a07.5.0 QRadar 7.5.0 UP13 IF01 https://www.ibm.com/support/fixcentral/swg/selectFixes QRadar Incident Forensics\u00a07.5.0 QIF 7.5.0 UP13 IF01 https://www.ibm.com/support/fixcentral/swg/selectFixes"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM QRadar SIEM privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33120",
"datePublished": "2025-08-22T14:54:02.504Z",
"dateReserved": "2025-04-15T17:50:56.613Z",
"dateUpdated": "2025-08-23T03:55:11.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-33118 (GCVE-0-2025-33118)
Vulnerability from cvelistv5 – Published: 2025-08-01 17:21 – Updated: 2025-08-01 17:34
VLAI?
Title
IBM QRadar SIEM cross-site scripting
Summary
IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 12 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
6.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | QRadar SIEM |
Affected:
7.5 , ≤ 7.5.0 Update Pack 12
(semver)
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:* cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_12:*:*:*:*:*:* |
Credits
John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33118",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-01T17:33:51.604218Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-01T17:34:02.243Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*",
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_12:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "QRadar SIEM",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.0 Update Pack 12",
"status": "affected",
"version": "7.5",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 12 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"value": "IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 12 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-01T17:21:16.808Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7241303"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM encourages customers to update their systems promptly.\u003cbr\u003e\u003cbr\u003eProduct Version Fix\u003cbr\u003eIBM QRadar SIEM \u0026nbsp; 7.5.0 QRadar 7.5.0 UP13\u003cbr\u003eQRadar Incident Forensics \u0026nbsp; 7.5.0 QIF 7.5.0 UP13\u003cbr\u003e"
}
],
"value": "IBM encourages customers to update their systems promptly.\n\nProduct Version Fix\nIBM QRadar SIEM \u00a0 7.5.0 QRadar 7.5.0 UP13\nQRadar Incident Forensics \u00a0 7.5.0 QIF 7.5.0 UP13"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM QRadar SIEM cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33118",
"datePublished": "2025-08-01T17:21:16.808Z",
"dateReserved": "2025-04-15T17:50:56.613Z",
"dateUpdated": "2025-08-01T17:34:02.243Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-33097 (GCVE-0-2025-33097)
Vulnerability from cvelistv5 – Published: 2025-07-15 14:29 – Updated: 2025-08-18 01:34
VLAI?
Title
IBM QRadar SIEM cross-site scripting
Summary
IBM QRadar SIEM 7.5 - 7.5.0 UP12 IF02 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
6.4 (Medium)
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | QRadar SIEM |
Affected:
7.5, , ≤ 7.5.0 Update Pack 12
(semver)
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:* cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_12:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33097",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-15T14:45:11.509205Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-15T14:45:18.187Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*",
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_12:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "QRadar SIEM",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.0 Update Pack 12",
"status": "affected",
"version": "7.5,",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM QRadar SIEM 7.5 - 7.5.0 UP12 IF02 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"value": "IBM QRadar SIEM 7.5 - 7.5.0 UP12 IF02 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T01:34:37.793Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7239755"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade IBM QRadar SIEM to 7.5.0 UP12 IF03.\u003cbr\u003e"
}
],
"value": "Upgrade IBM QRadar SIEM to 7.5.0 UP12 IF03."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM QRadar SIEM cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33097",
"datePublished": "2025-07-15T14:29:54.224Z",
"dateReserved": "2025-04-15T17:50:40.773Z",
"dateUpdated": "2025-08-18T01:34:37.793Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-33117 (GCVE-0-2025-33117)
Vulnerability from cvelistv5 – Published: 2025-06-19 17:16 – Updated: 2025-08-24 11:46
VLAI?
Title
IBM QRadar SIEM command execution
Summary
IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 could allow a privileged user to modify configuration files that would allow the upload of a malicious autoupdate file to execute arbitrary commands.
Severity ?
9.1 (Critical)
CWE
- CWE-73 - External Control of File Name or Path
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | QRadar SIEM |
Affected:
7.5 , ≤ 7.5.0 Update Pack 12
(semver)
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:* cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_12:*:*:*:*:*:* |
Credits
John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33117",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-23T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-24T03:55:34.441Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*",
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_12:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "QRadar SIEM",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.0 Update Pack 12",
"status": "affected",
"version": "7.5",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 could allow a privileged user to modify configuration files that would allow the upload of a malicious autoupdate file to execute arbitrary commands."
}
],
"value": "IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 could allow a privileged user to modify configuration files that would allow the upload of a malicious autoupdate file to execute arbitrary commands."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73 External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:46:22.642Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7237317"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM encourages customers to update their systems promptly.\u003cbr\u003e\u003cbr\u003eIBM QRadar SIEM \u0026nbsp; 7.5.0 QRadar 7.5.0 UP12 IF02\u003cbr\u003e"
}
],
"value": "IBM encourages customers to update their systems promptly.\n\nIBM QRadar SIEM \u00a0 7.5.0 QRadar 7.5.0 UP12 IF02"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "IBM QRadar SIEM command execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33117",
"datePublished": "2025-06-19T17:16:41.195Z",
"dateReserved": "2025-04-15T17:50:56.613Z",
"dateUpdated": "2025-08-24T11:46:22.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-33121 (GCVE-0-2025-33121)
Vulnerability from cvelistv5 – Published: 2025-06-19 17:14 – Updated: 2025-08-24 11:45
VLAI?
Title
IBM QRadar SIEM XML external entity injection
Summary
IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
Severity ?
7.1 (High)
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | QRadar SIEM |
Affected:
7.5 , ≤ 7.5.0 Update Pack 12
(semver)
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:* cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_12:*:*:*:*:*:* |
Credits
John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-33121",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-20T12:57:46.925353Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T13:10:58.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*",
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_12:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "QRadar SIEM",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.0 Update Pack 12",
"status": "affected",
"version": "7.5",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources."
}
],
"value": "IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611 Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T11:45:56.274Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7237317"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM encourages customers to update their systems promptly.\u003cbr\u003e\u003cbr\u003eIBM QRadar SIEM \u0026nbsp; 7.5.0 QRadar 7.5.0 UP12 IF02\u003cbr\u003e"
}
],
"value": "IBM encourages customers to update their systems promptly.\n\nIBM QRadar SIEM \u00a0 7.5.0 QRadar 7.5.0 UP12 IF02"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "IBM QRadar SIEM XML external entity injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-33121",
"datePublished": "2025-06-19T17:14:42.786Z",
"dateReserved": "2025-04-15T17:50:56.613Z",
"dateUpdated": "2025-08-24T11:45:56.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-36050 (GCVE-0-2025-36050)
Vulnerability from cvelistv5 – Published: 2025-06-19 17:13 – Updated: 2025-08-26 14:52
VLAI?
Title
IBM QRadar SIEM information disclosure
Summary
IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 stores potentially sensitive information in log files that could be read by a local user.
Severity ?
6.2 (Medium)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | QRadar SIEM |
Affected:
7.5 , ≤ 7.5.0 Update Pack 12
(semver)
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:* cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_12:*:*:*:*:*:* |
Credits
John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-36050",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-20T12:57:48.937181Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T13:11:05.138Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*",
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_12:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "QRadar SIEM",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.0 Update Pack 12",
"status": "affected",
"version": "7.5",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "John Zuccato, Rodney Ryan, Chris Shepherd, Vince Dragnea, Ben Goodspeed, Dawid Bak"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 stores potentially sensitive information in log files that could be read by a local user."
}
],
"value": "IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 stores potentially sensitive information in log files that could be read by a local user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-26T14:52:33.272Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7237317"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM encourages customers to update their systems promptly.\u003cbr\u003e\u003cbr\u003eIBM QRadar SIEM \u0026nbsp; 7.5.0 QRadar 7.5.0 UP12 IF02\u003cbr\u003e"
}
],
"value": "IBM encourages customers to update their systems promptly.\n\nIBM QRadar SIEM \u00a0 7.5.0 QRadar 7.5.0 UP12 IF02"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "IBM QRadar SIEM information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-36050",
"datePublished": "2025-06-19T17:13:40.753Z",
"dateReserved": "2025-04-15T21:16:11.324Z",
"dateUpdated": "2025-08-26T14:52:33.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-56463 (GCVE-0-2024-56463)
Vulnerability from cvelistv5 – Published: 2025-02-14 16:14 – Updated: 2025-08-25 22:33
VLAI?
Title
IBM QRadar SIEM cross-site scripting
Summary
IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
4.8 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | QRadar SIEM |
Affected:
7.5 , ≤ 7.5.0 UP11
(semver)
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:* cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_11:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-56463",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-14T16:46:24.456612Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-14T16:46:30.332Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*",
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_11:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "QRadar SIEM",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "7.5.0 UP11",
"status": "affected",
"version": "7.5",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"value": "IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T22:33:35.220Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7183251"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM QRadar SIEM cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-56463",
"datePublished": "2025-02-14T16:14:40.232Z",
"dateReserved": "2024-12-26T12:50:20.772Z",
"dateUpdated": "2025-08-25T22:33:35.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28786 (GCVE-0-2024-28786)
Vulnerability from cvelistv5 – Published: 2025-01-27 23:36 – Updated: 2025-01-28 15:18
VLAI?
Title
IBM QRadar SIEM information disclosure
Summary
IBM QRadar SIEM 7.5 transmits sensitive or security-critical data in cleartext in a communication channel that could be obtained by an unauthorized actor using man in the middle techniques.
Severity ?
6.5 (Medium)
CWE
- CWE-319 - Cleartext Transmission of Sensitive Information
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | QRadar SIEM |
Affected:
7.5
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28786",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T14:53:25.870086Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-28T15:18:25.774Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "QRadar SIEM",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "7.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM QRadar SIEM 7.5 transmits sensitive or security-critical data in cleartext in a communication channel that could be obtained by an unauthorized actor using man in the middle techniques."
}
],
"value": "IBM QRadar SIEM 7.5 transmits sensitive or security-critical data in cleartext in a communication channel that could be obtained by an unauthorized actor using man in the middle techniques."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-319",
"description": "CWE-319 Cleartext Transmission of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T23:36:08.015Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7173420"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM QRadar SIEM information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-28786",
"datePublished": "2025-01-27T23:36:08.015Z",
"dateReserved": "2024-03-10T12:23:24.002Z",
"dateUpdated": "2025-01-28T15:18:25.774Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}