A critical XSS vulnerability identified in IBM’s QRadar SIEM (Security Information and Event Management) platform, tracked as CVE-2024-47107, allows authenticated users to execute malicious JavaScript code through the platform’s web interface, prompting immediate concern among cybersecurity professionals and enterprise users.
With a CVSS base score of 6.4, the vulnerability poses a moderate to serious risk to organizations using affected versions of QRadar SIEM.
Impact and Technical Details
Security researchers found that the vulnerability enables attackers to inject malicious JavaScript code into the QRadar Web UI.
This could potentially lead to the disclosure of sensitive credentials within trusted sessions, compromising system security. The vulnerability affects QRadar SIEM versions 7.5 through 7.5.0 UP10 IF01.
“IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session,” IBM reported.
“This type of vulnerability is particularly concerning because it could allow attackers to hijack legitimate user sessions and access sensitive security monitoring data,” said a cybersecurity expert familiar with the matter.
IBM has released a patch to address this vulnerability in version 7.5.0 UP10 IF02. The company strongly recommends that all customers running affected versions update their systems immediately to mitigate potential security risks.
The discovery of this vulnerability serves as a reminder of the ongoing importance of prompt security updates, especially in critical security monitoring platforms like SIEM systems.
We have identified no workarounds or alternative mitigations, leaving the update as the only current solution to address this security concern.
Organizations using IBM QRadar SIEM are advised to review their deployment and apply the necessary updates as soon as possible.
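As an added example (not from IBM or the original article), the following Python sketch triages an inventory of QRadar version strings against the affected range stated above. The hostnames and inventory are constructed, and the `UP`/`IF` string format is assumed to match how the article writes versions; strings in any other format are flagged for manual review.

```python
import re

# Bounds as stated in the article: affected 7.5 through 7.5.0 UP10 IF01,
# fixed in 7.5.0 UP10 IF02. Tuple layout: (major, minor, patch, UP, IF).
FIRST_AFFECTED = (7, 5, 0, 0, 0)
LAST_AFFECTED = (7, 5, 0, 10, 1)

# Assumed format: "7.5", "7.5.0", "7.5.0 UP10", "7.5.0 UP10 IF01".
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\.(\d+))?"  # release, patch level optional
    r"(?:\s+UP(\d+))?"               # optional update pack
    r"(?:\s+IF(\d+))?\s*$",          # optional interim fix
    re.IGNORECASE,
)

def parse_version(text):
    """Turn a version string into a comparable 5-tuple; missing parts count as 0."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())

def classify(text):
    """Return 'affected', 'fixed' or 'not-listed' for one version string."""
    v = parse_version(text)
    if v < FIRST_AFFECTED:
        return "not-listed"  # older than the range the article names
    return "affected" if v <= LAST_AFFECTED else "fixed"

def triage(inventory):
    """Group hosts by status; unparseable versions go to 'unparsed' for manual review."""
    report = {"affected": [], "fixed": [], "not-listed": [], "unparsed": []}
    for host, version in sorted(inventory.items()):
        try:
            report[classify(version)].append(host)
        except ValueError:
            report["unparsed"].append(host)
    return report

# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE_INVENTORY = {
    "qradar-console-01": "7.5.0 UP10 IF01",
    "qradar-ep-02": "7.5.0 UP10 IF02",
    "qradar-ep-03": "7.5.0 UP8",
    "qradar-lab-04": "7.4.3",
    "qradar-dr-05": "2021.6.8.20240302192142",  # build-style string, not parsed
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:11s} {', '.join(hosts) or '-'}")
```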