IBM QRadar SIEM versions 7.3, 7.4, and 7.5 are vulnerable to cross-site scripting. Learn about CVE-2022-22345, its impact, technical details, and mitigation steps.
IBM QRadar versions 7.3, 7.4, and 7.5 are vulnerable to cross-site scripting (XSS) that allows attackers to inject arbitrary JavaScript code into the Web UI. This could potentially lead to unauthorized access and data disclosure.
Understanding CVE-2022-22345
CVE-2022-22345 is a medium-severity cross-site scripting vulnerability affecting IBM QRadar SIEM versions 7.3.3, 7.4.3, and 7.5.0.
What is CVE-2022-22345?
CVE-2022-22345 is a cross-site scripting vulnerability in IBM QRadar SIEM versions 7.3, 7.4, and 7.5. Attackers can inject malicious JavaScript code into the Web UI, compromising the integrity of the system and potentially leading to credential disclosure.
The Impact of CVE-2022-22345
The impact of this vulnerability is rated as medium severity. If exploited, it could allow attackers to manipulate the Web UI functionality, leading to sensitive information disclosure within a trusted session.
Technical Details of CVE-2022-22345
The vulnerability has a CVSS base score of 4.8 (Medium severity), with the vector string CVSS:3.0/C:L/AV:N/AC:L/I:L/PR:H/S:C/A:N/UI:R/RL:O/E:H/RC:C. Attack complexity is low, but successful exploitation requires high privileges and user interaction.
Vulnerability Description
The vulnerability in IBM QRadar SIEM versions 7.3, 7.4, and 7.5 allows for cross-site scripting attacks, enabling threat actors to execute arbitrary JavaScript code within the Web UI.
Affected Systems and Versions
IBM QRadar SIEM versions 7.3.3, 7.4.3, and 7.5.0 are affected by this vulnerability.
Exploitation Mechanism
Exploiting this vulnerability requires attackers to inject malicious JavaScript code into the Web UI, potentially leading to unauthorized access and sensitive data disclosure.
Mitigation and Prevention
Addressing CVE-2022-22345 involves immediate steps, long-term security practices, and timely patching and updates.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates