CVE-2024-56464

IBM QRadar SIEM 7.5 - 7.5.0 UP14 IF01 is affected by an information disclosure vulnerability involving exposure of directory information. IBM has addressed this vulnerability in the latest update.

Weakness

The product inappropriately exposes a directory listing with an index of all the resources located inside of the directory.

Affected Software

Potential Mitigations

References

https://www.ibm.com/support/pages/node/7253664

NVD	https://nvd.nist.gov/vuln/detail/CVE-2024-56464
CWE	https://cwe.mitre.org/data/definitions/548.html

Name	Vendor	Start Version	End Version
Qradar_security_information_and_event_manager	Ibm	7.5.0 (including)	7.5.0 (including)
Qradar_security_information_and_event_manager	Ibm	7.5.0-update_pack_1 (including)	7.5.0-update_pack_1 (including)
Qradar_security_information_and_event_manager	Ibm	7.5.0-update_pack_10 (including)	7.5.0-update_pack_10 (including)
Qradar_security_information_and_event_manager	Ibm	7.5.0-update_pack_11 (including)	7.5.0-update_pack_11 (including)
Qradar_security_information_and_event_manager	Ibm	7.5.0-update_pack_12 (including)	7.5.0-update_pack_12 (including)
Qradar_security_information_and_event_manager	Ibm	7.5.0-update_pack_13 (including)	7.5.0-update_pack_13 (including)
Qradar_security_information_and_event_manager	Ibm	7.5.0-update_pack_13_interim_fix_01 (including)	7.5.0-update_pack_13_interim_fix_01 (including)
Qradar_security_information_and_event_manager	Ibm	7.5.0-update_pack_13_interim_fix_02 (including)	7.5.0-update_pack_13_interim_fix_02 (including)
Qradar_security_information_and_event_manager	Ibm	7.5.0-update_pack_14 (including)	7.5.0-update_pack_14 (including)
Qradar_security_information_and_event_manager	Ibm	7.5.0-update_pack_14_interim_fix_01 (including)	7.5.0-update_pack_14_interim_fix_01 (including)
Qradar_security_information_and_event_manager	Ibm	7.5.0-update_pack_2 (including)	7.5.0-update_pack_2 (including)
Qradar_security_information_and_event_manager	Ibm	7.5.0-update_pack_3 (including)	7.5.0-update_pack_3 (including)
Qradar_security_information_and_event_manager	Ibm	7.5.0-update_pack_4 (including)	7.5.0-update_pack_4 (including)
Qradar_security_information_and_event_manager	Ibm	7.5.0-update_pack_5 (including)	7.5.0-update_pack_5 (including)
Qradar_security_information_and_event_manager	Ibm	7.5.0-update_pack_6 (including)	7.5.0-update_pack_6 (including)
Qradar_security_information_and_event_manager	Ibm	7.5.0-update_pack_7 (including)	7.5.0-update_pack_7 (including)
Qradar_security_information_and_event_manager	Ibm	7.5.0-update_pack_8 (including)	7.5.0-update_pack_8 (including)

Exposure of Information Through Directory Listing

Weakness

Affected Software

Potential Mitigations

References