First published: Tue Apr 12 2022(Updated: )
IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information from another user's dashboard providing the dashboard ID of that user. IBM X-Force ID: 203030.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM QRadar Security Information and Event Manager | >=7.3.0<7.3.3 | |
IBM QRadar Security Information and Event Manager | >=7.4.0<7.4.3 | |
IBM QRadar Security Information and Event Manager | =7.3.3 | |
IBM QRadar Security Information and Event Manager | =7.3.3-fix_pack_1 | |
IBM QRadar Security Information and Event Manager | =7.3.3-fix_pack_2 | |
IBM QRadar Security Information and Event Manager | =7.3.3-fix_pack_3 | |
IBM QRadar Security Information and Event Manager | =7.3.3-fix_pack_4 | |
IBM QRadar Security Information and Event Manager | =7.3.3-fix_pack_5 | |
IBM QRadar Security Information and Event Manager | =7.3.3-fix_pack_6 | |
IBM QRadar Security Information and Event Manager | =7.3.3-fix_pack_7 | |
IBM QRadar Security Information and Event Manager | =7.3.3-fix_pack_8 | |
IBM QRadar Security Information and Event Manager | =7.3.3-fix_pack_9 | |
IBM QRadar Security Information and Event Manager | =7.4.3 | |
IBM QRadar Security Information and Event Manager | =7.4.3-fix_pack_1 | |
IBM QRadar Security Information and Event Manager | =7.4.3-fix_pack_2 | |
IBM QRadar Security Information and Event Manager | =7.4.3-fix_pack_3 | |
IBM QRadar Security Information and Event Manager | =7.5.0 | |
Linux Linux kernel | ||
<=7.5.0 GA | ||
<=7.4.3 GA - 7.4.3 FP4 | ||
<=7.3.3 GA - 7.3.3 FP10 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-29776 is a vulnerability that allows an authenticated user to obtain sensitive information from another user's dashboard in IBM QRadar SIEM.
An authenticated user can exploit CVE-2021-29776 by providing the dashboard ID of the targeted user.
CVE-2021-29776 has a severity rating of 3.1 (low).
Yes, IBM has released patches to address CVE-2021-29776. Please refer to the IBM QRadar SIEM product page for the appropriate patch.
You can find more information about CVE-2021-29776 on the IBM X-Force Exchange and the IBM Support website.