Inclusion of Sensitive Information in Log Files in QRadar Suite and IBM Cloud Pak for Security - CVE-2023-50951

 

Inclusion of Sensitive Information in Log Files in QRadar Suite and IBM Cloud Pak for Security - CVE-2023-50951

Published: February 19, 2024


Vulnerability identifier: #VU86581
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-50951
CWE-ID: CWE-532
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: IBM Corporation
Affected software:
QRadar Suite
IBM Cloud Pak for Security

Detailed vulnerability description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to IBM QRadar Suite and IBM Cloud Pak for Security in some circumstances will log some sensitive information about invalid authorization attempts. A local user can read the log files and gain access to sensitive data.


How to mitigate CVE-2023-50951

Install updates from vendor's website.

Sources