Two medium-severity vulnerabilities have been discovered in the widely used IBM QRadar SIEM, associated with Cross-Site Scripting (XSS) and Information disclosure. The vulnerabilities have been assigned with CVE-2023-40367 and CVE-2023-30994.
IBM has released patches for fixing these vulnerabilities and urges users to upgrade to the latest version of IBM QRadar.
CVE-2023-40367: IBM QRadar SIEM cross-site scripting
A threat actor can exploit this vulnerability, allowing them to insert arbitrary JavaScript code in the Web UI, which could alter the original functionality and potentially result in credentials disclosure within a trusted session.
The severity for this vulnerability has been given as 5.4 (Medium). This vulnerability falls under the weakness enumeration CWE-79 “Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting‘).”
API security isn’t just a priority; it’s the lifeline of businesses and organizations. Yet, this interconnectivity brings with it an array of vulnerabilities that are often concealed beneath the surface.
CVE-2023-30994: IBM QRadar SIEM information disclosure
This vulnerability exists due to weaker cryptographic algorithms, which can be decrypted by a threat actor, potentially leading to the retrieval of highly sensitive information. The severity for this vulnerability has been given as 5.9 (Medium).
Affected Products
Products affected by these vulnerabilities are mentioned below
| Affected Product | Version(s) | Fixed in Versions |
| IBM QRadar SIEM | 7.5.0 – 7.5.0 UP6 | 7.5.0 UP7 |
There is no evidence of these vulnerabilities being exploited by threat actors in the wild nor a publicly available exploit for exploiting this vulnerability.
However, several vulnerabilities were fixed as part of the security bulletin published by IBM for IBM QRadar SIEM. The severity of the vulnerabilities ranges from 3.7 (Low) to 9.8 (Critical).
Users of IBM QRadar SIEM are recommended to upgrade to the latest version of IBM QRadar to fix this vulnerability and prevent them from getting exploited by threat actors.