CVE-2023-50949

Published Apr 11, 2024

Last updated 2 months ago

CVSS medium 5.9

Overview

Description: IBM QRadar SIEM 7.5 could allow an unauthorized user to perform unauthorized actions due to improper certificate validation. IBM X-Force ID: 275706.
Source: psirt@us.ibm.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.1
Impact score: 5.9
Exploitability score: 2.2
Vector string: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

psirt@us.ibm.com: CWE-295

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DACA17CC-8B71-4E71-B075-BFFB65AD989C"
          },
          {
            "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA60FDE5-8C40-4C7A-97CF-BA2A64BF307D"
          },
          {
            "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB518E06-00BA-48F3-8AEC-6E1E97CAA2CC"
          },
          {
            "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "289027A2-178C-45DE-A86F-1207F23D13B1"
          },
          {
            "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5047AECF-879B-427A-ACF7-ECB10965E1B0"
          },
          {
            "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD448AB8-E3CC-41A1-9D32-B1B35C68FA5C"
          },
          {
            "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F4014E8-42E2-4B76-B2DA-8B50929A4AB5"
          },
          {
            "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD0A459A-C74A-4E18-83B3-4C29D47D2C2B"
          },
          {
            "criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "721EFDD7-EE35-430C-AF17-C54BDB10434E"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References