IBM QRadar SIEM 7.4 and 7.5 is vulnerable to privilege escalation, allowing a user with some admin capabilities to gain additional admin capabilities. IBM X-Force ID: 239425.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Qradar_security_information_and_event_manager | Ibm | 7.4.0 (including) | 7.4.3 (excluding) |
Qradar_security_information_and_event_manager | Ibm | 7.4.3 (including) | 7.4.3 (including) |
Qradar_security_information_and_event_manager | Ibm | 7.4.3-fix_pack_1 (including) | 7.4.3-fix_pack_1 (including) |
Qradar_security_information_and_event_manager | Ibm | 7.4.3-fix_pack_2 (including) | 7.4.3-fix_pack_2 (including) |
Qradar_security_information_and_event_manager | Ibm | 7.4.3-fix_pack_3 (including) | 7.4.3-fix_pack_3 (including) |
Qradar_security_information_and_event_manager | Ibm | 7.4.3-fix_pack_4 (including) | 7.4.3-fix_pack_4 (including) |
Qradar_security_information_and_event_manager | Ibm | 7.4.3-fix_pack_5 (including) | 7.4.3-fix_pack_5 (including) |
Qradar_security_information_and_event_manager | Ibm | 7.4.3-fix_pack_6 (including) | 7.4.3-fix_pack_6 (including) |
Qradar_security_information_and_event_manager | Ibm | 7.4.3-fix_pack_7 (including) | 7.4.3-fix_pack_7 (including) |
Qradar_security_information_and_event_manager | Ibm | 7.4.3-fix_pack_8 (including) | 7.4.3-fix_pack_8 (including) |
Qradar_security_information_and_event_manager | Ibm | 7.5.0 (including) | 7.5.0 (including) |
Qradar_security_information_and_event_manager | Ibm | 7.5.0-update_pack_1 (including) | 7.5.0-update_pack_1 (including) |
Qradar_security_information_and_event_manager | Ibm | 7.5.0-update_pack_2 (including) | 7.5.0-update_pack_2 (including) |
Qradar_security_information_and_event_manager | Ibm | 7.5.0-update_pack_3 (including) | 7.5.0-update_pack_3 (including) |
Qradar_security_information_and_event_manager | Ibm | 7.5.0-update_pack_4 (including) | 7.5.0-update_pack_4 (including) |