CVE-2018-1728 : Security Advisory and Response

IBM QRadar SIEM 7.2 and 7.3 are vulnerable to cross-site scripting, potentially leading to credential exposure during trusted sessions.

Understanding CVE-2018-1728

This CVE involves a vulnerability in IBM QRadar SIEM versions 7.2 and 7.3 that allows attackers to insert malicious JavaScript code into the Web UI, impacting its functionality and potentially revealing sensitive information.

What is CVE-2018-1728?

The vulnerability in IBM QRadar SIEM 7.2 and 7.3 enables cross-site scripting, permitting the injection of JavaScript code into the Web UI.
Attackers can exploit this flaw to disrupt the intended operation of the system and potentially expose credentials during trusted sessions.

The Impact of CVE-2018-1728

CVSS Base Score: 5.4 (Medium Severity)
Attack Vector: Network
Exploit Code Maturity: High
User Interaction: Required
Scope: Changed
This vulnerability has a medium impact, affecting confidentiality, integrity, and availability.

Technical Details of CVE-2018-1728

Vulnerability Description

The flaw in IBM QRadar SIEM versions 7.2 and 7.3 allows for cross-site scripting, enabling the insertion of JavaScript code into the Web UI.

Affected Systems and Versions

Affected Systems: IBM QRadar SIEM 7.2 and 7.3

Exploitation Mechanism

Attackers can exploit this vulnerability by injecting malicious JavaScript code into the Web UI, potentially compromising the system's security.

Mitigation and Prevention

Immediate Steps to Take

Apply the official fix provided by IBM to address the vulnerability.
Regularly monitor and restrict user access to prevent unauthorized activities.

Long-Term Security Practices

Conduct regular security assessments and penetration testing to identify and address vulnerabilities.
Educate users on safe browsing practices and the risks associated with cross-site scripting.

Patching and Updates

Ensure that all systems running IBM QRadar SIEM are updated with the latest security patches and fixes.