What is the vulnerability ID for this IBM QRadar vulnerability?

The vulnerability ID for this IBM QRadar vulnerability is CVE-2023-43041.

What is the severity of CVE-2023-43041?

The severity of CVE-2023-43041 is medium with a CVSS score of 6.5.

What is the affected software for CVE-2023-43041?

The affected software for CVE-2023-43041 is IBM QRadar SIEM version 7.5 - 7.5.0 UP7.

How can an attacker exploit this vulnerability?

An attacker can exploit this vulnerability by leveraging incomplete fix for CVE-2022-34352 to gain unauthorized access to data from other domains.

Are there any known fixes or mitigations for CVE-2023-43041?

IBM has provided a fix for this vulnerability. Please refer to the IBM support page for detailed information on the fix.

Vulnerability/
CVE-2023-43041

medium

6.5

CWE

200

27/10/2023

29/10/2023

6/9/2024

CVE-2023-43041: IBM QRadar information disclosure

First published: Fri Oct 27 2023(Updated: )

IBM QRadar SIEM 7.5 is vulnerable to information exposure allowing a delegated Admin tenant user with a specific domain security profile assigned to see data from other domains. This vulnerability is due to an incomplete fix for CVE-2022-34352. IBM X-Force ID: 266808.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM QRadar SIEM	<=7.5 - 7.5.0 UP7
IBM QRadar Security Information and Event Manager	=7.5.0
IBM QRadar Security Information and Event Manager	=7.5.0-update_pack_1
IBM QRadar Security Information and Event Manager	=7.5.0-update_pack_2
IBM QRadar Security Information and Event Manager	=7.5.0-update_pack_3
IBM QRadar Security Information and Event Manager	=7.5.0-update_pack_4
IBM QRadar Security Information and Event Manager	=7.5.0-update_pack_5
IBM QRadar Security Information and Event Manager	=7.5.0-update_pack_6

Remedy

https://www.ibm.com/support/pages/node/7060803

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-7060803

Frequently Asked Questions

What is the vulnerability ID for this IBM QRadar vulnerability?
The vulnerability ID for this IBM QRadar vulnerability is CVE-2023-43041.
What is the severity of CVE-2023-43041?
The severity of CVE-2023-43041 is medium with a CVSS score of 6.5.
What is the affected software for CVE-2023-43041?
The affected software for CVE-2023-43041 is IBM QRadar SIEM version 7.5 - 7.5.0 UP7.
How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability by leveraging incomplete fix for CVE-2022-34352 to gain unauthorized access to data from other domains.
Are there any known fixes or mitigations for CVE-2023-43041?
IBM has provided a fix for this vulnerability. Please refer to the IBM support page for detailed information on the fix.

collector/nvd-api
agent/references
agent/type
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/remedy
agent/last-modified-date
agent/weakness
agent/severity
agent/title
agent/author
agent/tags
agent/description
agent/event
collector/ibm-support
source/IBM
agent/software-canonical-lookup
vendor/ibm
canonical/ibm qradar security information and event manager
version/ibm qradar security information and event manager/7.5.0
version/ibm qradar security information and event manager/7.5.0-update_pack_1
version/ibm qradar security information and event manager/7.5.0-update_pack_2
version/ibm qradar security information and event manager/7.5.0-update_pack_3
version/ibm qradar security information and event manager/7.5.0-update_pack_4
version/ibm qradar security information and event manager/7.5.0-update_pack_5
version/ibm qradar security information and event manager/7.5.0-update_pack_6
canonical/ibm qradar siem
version/ibm qradar siem/7.5 - 7.5.0 up7