U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_2:*:*:*:*:*:*
  • CPE Name Search: true
There are 15 matching records.
Displaying matches 1 through 15.
Vuln ID Summary CVSS Severity
CVE-2023-50950

IBM QRadar SIEM 7.5 could disclose sensitive email information in responses from offense rules. IBM X-Force ID: 275709.

Published: January 17, 2024; 12:15:11 PM -0500 		V3.1: 5.3 MEDIUM
 V2.0:(not available)
CVE-2023-47146

IBM Qradar SIEM 7.5 could allow a privileged user to obtain sensitive domain information due to data being misidentified. IBM X-Force ID: 270372.

Published: December 19, 2023; 5:15:07 PM -0500 		V3.1: 6.5 MEDIUM
 V2.0:(not available)
CVE-2023-43057

IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 267484.

Published: November 11, 2023; 11:15:31 AM -0500 		V3.1: 5.4 MEDIUM
 V2.0:(not available)
CVE-2023-43041

IBM QRadar SIEM 7.5 is vulnerable to information exposure allowing a delegated Admin tenant user with a specific domain security profile assigned to see data from other domains. This vulnerability is due to an incomplete fix for CVE-2022-34352. IBM X-Force ID: 266808.

Published: October 28, 2023; 9:15:41 PM -0400 		V3.1: 4.9 MEDIUM
 V2.0:(not available)
CVE-2023-40367

IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 263376.

Published: October 14, 2023; 1:15:09 PM -0400 		V3.1: 5.4 MEDIUM
 V2.0:(not available)
CVE-2023-30994

IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138

Published: October 14, 2023; 1:15:09 PM -0400 		V3.1: 7.5 HIGH
 V2.0:(not available)
CVE-2023-26276

IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 248147.

Published: June 27, 2023; 2:15:12 PM -0400 		V3.1: 7.5 HIGH
 V2.0:(not available)
CVE-2023-26274

IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248144.

Published: June 27, 2023; 2:15:12 PM -0400 		V3.1: 5.4 MEDIUM
 V2.0:(not available)
CVE-2023-26273

IBM QRadar SIEM 7.5.0 could allow an authenticated user to perform unauthorized actions due to hazardous input validation. IBM X-Force ID: 248134.

Published: June 27, 2023; 2:15:12 PM -0400 		V3.1: 4.3 MEDIUM
 V2.0:(not available)
CVE-2022-34352

IBM QRadar SIEM 7.5.0 is vulnerable to information exposure allowing a delegated Admin tenant user with a specific domain security profile assigned to see data from other domains. IBM X-Force ID: 230403.

Published: June 27, 2023; 2:15:11 PM -0400 		V3.1: 6.5 MEDIUM
 V2.0:(not available)
CVE-2022-43863

IBM QRadar SIEM 7.4 and 7.5 is vulnerable to privilege escalation, allowing a user with some admin capabilities to gain additional admin capabilities. IBM X-Force ID: 239425.

Published: March 22, 2023; 6:15:12 PM -0400 		V3.1: 7.2 HIGH
 V2.0:(not available)
CVE-2022-34351

IBM QRadar SIEM 7.4 and 7.5 is vulnerable to information exposure allowing a non-tenant user with a specific domain security profile assigned to see some data from other domains. IBM X-Force ID: 230402.

Published: February 17, 2023; 2:15:11 PM -0500 		V3.1: 7.5 HIGH
 V2.0:(not available)
CVE-2022-30613

IBM QRadar SIEM 7.4 and 7.5 could disclose sensitive information via a local service to a privileged user. IBM X-Force ID: 227366.

Published: October 07, 2022; 1:15:10 PM -0400 		V3.1: 5.5 MEDIUM
 V2.0:(not available)
CVE-2022-22480

IBM QRadar SIEM 7.4 and 7.5 data node rebalancing does not function correctly when using encrypted hosts which could result in information disclosure. IBM X-Force ID: 225889.

Published: October 07, 2022; 1:15:09 PM -0400 		V3.1: 7.5 HIGH
 V2.0:(not available)
CVE-2022-22424

IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information from the TLS key file due to incorrect file permissions. IBM X-Force ID: 223597.

Published: July 20, 2022; 2:15:08 PM -0400 		V3.1: 5.5 MEDIUM
 V2.0:(not available)