What is CVE-2021-38939?

CVE-2021-38939 is a vulnerability in IBM QRadar SIEM that allows an unauthorized user to read potentially sensitive information stored in log files.

How does CVE-2021-38939 impact IBM QRadar SIEM?

CVE-2021-38939 can be exploited by a user with access to creating domains to read sensitive information in log files.

What is the severity of CVE-2021-38939?

The severity of CVE-2021-38939 is low, with a severity value of 3.7.

How can I fix CVE-2021-38939 in IBM QRadar SIEM version 7.5.0 GA?

To fix CVE-2021-38939 in IBM QRadar SIEM version 7.5.0 GA, apply the patch available at [IBM QRadar SIEM 7.5.0-QRADAR-QRSIEM-20220215133427 patch](https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=All&platform=Linux&function=fixId&fixids=7.5.0-QRADAR-QRSIEM-20220215133427&includeRequisites=1&includeSupersedes=0&downloadMethod=http&login=true).

How can I fix CVE-2021-38939 in IBM QRadar SIEM version 7.4.3 GA - 7.4.3 FP4?

To fix CVE-2021-38939 in IBM QRadar SIEM version 7.4.3 GA - 7.4.3 FP4, apply the patch available at [IBM QRadar SIEM 7.4.3-QRADAR-QRSIEM-20220307203834 patch](https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=All&platform=Linux&function=fixId&fixids=7.4.3-QRADAR-QRSIEM-20220307203834&includeRequisites=1&includeSupersedes=0&downloadMethod=http).

How can I fix CVE-2021-38939 in IBM QRadar SIEM version 7.3.3 GA - 7.3.3 FP10?

To fix CVE-2021-38939 in IBM QRadar SIEM version 7.3.3 GA - 7.3.3 FP10, apply the patch available at [IBM QRadar SIEM 7.3.3-QRADAR-QRSIEM-20220318161607 patch](https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+Vulnerability+Manager&release=All&platform=All&function=fixId&fixids=7.3.3-QRADAR-QRSIEM-20220318161607&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=SAR).

Vulnerability/
CVE-2021-38939

medium

5.3

CWE

532

12/4/2022

25/4/2022

4/8/2024

CVE-2021-38939

First published: Tue Apr 12 2022(Updated: )

IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive information in log files that could be read by an user with access to creating domains. IBM X-Force ID: 211037.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM QRadar Security Information and Event Manager	>=7.3.0<7.3.3
IBM QRadar Security Information and Event Manager	>=7.4.0<7.4.3
IBM QRadar Security Information and Event Manager	=7.3.3
IBM QRadar Security Information and Event Manager	=7.3.3-fix_pack_1
IBM QRadar Security Information and Event Manager	=7.3.3-fix_pack_2
IBM QRadar Security Information and Event Manager	=7.3.3-fix_pack_3
IBM QRadar Security Information and Event Manager	=7.3.3-fix_pack_4
IBM QRadar Security Information and Event Manager	=7.3.3-fix_pack_5
IBM QRadar Security Information and Event Manager	=7.3.3-fix_pack_6
IBM QRadar Security Information and Event Manager	=7.3.3-fix_pack_7
IBM QRadar Security Information and Event Manager	=7.3.3-fix_pack_8
IBM QRadar Security Information and Event Manager	=7.3.3-fix_pack_9
IBM QRadar Security Information and Event Manager	=7.4.3
IBM QRadar Security Information and Event Manager	=7.4.3-fix_pack_1
IBM QRadar Security Information and Event Manager	=7.4.3-fix_pack_2
IBM QRadar Security Information and Event Manager	=7.4.3-fix_pack_3
IBM QRadar Security Information and Event Manager	=7.5.0
Linux Linux kernel
IBM QRadar SIEM	<=7.5.0 GA
IBM QRadar SIEM	<=7.4.3 GA - 7.4.3 FP4
IBM QRadar SIEM	<=7.3.3 GA - 7.3.3 FP10

Remedy

https://www.ibm.com/support/pages/node/6574787

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6574787

Frequently Asked Questions

What is CVE-2021-38939?
CVE-2021-38939 is a vulnerability in IBM QRadar SIEM that allows an unauthorized user to read potentially sensitive information stored in log files.
How does CVE-2021-38939 impact IBM QRadar SIEM?
CVE-2021-38939 can be exploited by a user with access to creating domains to read sensitive information in log files.
What is the severity of CVE-2021-38939?
The severity of CVE-2021-38939 is low, with a severity value of 3.7.
How can I fix CVE-2021-38939 in IBM QRadar SIEM version 7.5.0 GA?
To fix CVE-2021-38939 in IBM QRadar SIEM version 7.5.0 GA, apply the patch available at [IBM QRadar SIEM 7.5.0-QRADAR-QRSIEM-20220215133427 patch](https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=All&platform=Linux&function=fixId&fixids=7.5.0-QRADAR-QRSIEM-20220215133427&includeRequisites=1&includeSupersedes=0&downloadMethod=http&login=true).
How can I fix CVE-2021-38939 in IBM QRadar SIEM version 7.4.3 GA - 7.4.3 FP4?
To fix CVE-2021-38939 in IBM QRadar SIEM version 7.4.3 GA - 7.4.3 FP4, apply the patch available at [IBM QRadar SIEM 7.4.3-QRADAR-QRSIEM-20220307203834 patch](https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=All&platform=Linux&function=fixId&fixids=7.4.3-QRADAR-QRSIEM-20220307203834&includeRequisites=1&includeSupersedes=0&downloadMethod=http).
How can I fix CVE-2021-38939 in IBM QRadar SIEM version 7.3.3 GA - 7.3.3 FP10?
To fix CVE-2021-38939 in IBM QRadar SIEM version 7.3.3 GA - 7.3.3 FP10, apply the patch available at [IBM QRadar SIEM 7.3.3-QRADAR-QRSIEM-20220318161607 patch](https://www.ibm.com/support/fixcentral/swg/downloadFixes?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+Vulnerability+Manager&release=All&platform=All&function=fixId&fixids=7.3.3-QRADAR-QRSIEM-20220318161607&includeRequisites=1&includeSupersedes=0&downloadMethod=http&source=SAR).

collector/nvd-index
agent/references
agent/type
agent/first-publish-date
agent/softwarecombine
agent/last-modified-date
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/author
agent/weakness
agent/severity
agent/remedy
agent/tags
agent/description
agent/event
collector/mitre-cve
source/MITRE
vendor/ibm
canonical/ibm qradar security information and event manager
version/ibm qradar security information and event manager/7.3.0
version/ibm qradar security information and event manager/7.4.0
version/ibm qradar security information and event manager/7.3.3
version/ibm qradar security information and event manager/7.3.3-fix_pack_1
version/ibm qradar security information and event manager/7.3.3-fix_pack_2
version/ibm qradar security information and event manager/7.3.3-fix_pack_3
version/ibm qradar security information and event manager/7.3.3-fix_pack_4
version/ibm qradar security information and event manager/7.3.3-fix_pack_5
version/ibm qradar security information and event manager/7.3.3-fix_pack_6
version/ibm qradar security information and event manager/7.3.3-fix_pack_7
version/ibm qradar security information and event manager/7.3.3-fix_pack_8
version/ibm qradar security information and event manager/7.3.3-fix_pack_9
version/ibm qradar security information and event manager/7.4.3
version/ibm qradar security information and event manager/7.4.3-fix_pack_1
version/ibm qradar security information and event manager/7.4.3-fix_pack_2
version/ibm qradar security information and event manager/7.4.3-fix_pack_3
version/ibm qradar security information and event manager/7.5.0
vendor/linux
canonical/linux linux kernel
canonical/ibm qradar siem
version/ibm qradar siem/7.5.0 ga
version/ibm qradar siem/7.4.3 ga - 7.4.3 fp4
version/ibm qradar siem/7.3.3 ga - 7.3.3 fp10