CVE-2022-22424

Опубликовано: 20 июл. 2022

Источник: nvd

CVSS3: 5.1

CVSS3: 5.5

EPSS Низкий

Описание

IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information from the TLS key file due to incorrect file permissions. IBM X-Force ID: 223597.

Ссылки

https://exchange.xforce.ibmcloud.com/vulnerabilities/223597
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/6605433
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/223597
VDB Entry
Vendor Advisory
https://www.ibm.com/support/pages/node/6605433
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:*:*:*:*:*:*:*:*

Версия от 7.3.0 (включая) до 7.3.3 (исключая)

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:*:*:*:*:*:*:*:*

Версия от 7.4.0 (включая) до 7.4.3 (исключая)

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_1:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_10:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_11:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_2:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_3:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_4:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_5:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_6:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_7:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_8:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:fix_pack_9:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.3:fix_pack_1:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.3:fix_pack_2:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.3:fix_pack_3:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.3:fix_pack_4:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_1:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

EPSS

Процентиль: 8%

0.00028

Низкий

5.1 Medium

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-276

Связанные уязвимости

GHSA-6h74-22qj-hmh5

CVSS3: 5.5

github

больше 3 лет назад

IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information from the TLS key file due to incorrect file permissions. IBM X-Force ID: 223597.

EPSS

Процентиль: 8%

0.00028

Низкий

5.1 Medium

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-276