CVE-2022-43863

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-43863
IBM QRadar SIEM 7.4 and 7.5 is vulnerable to privilege escalation, allowing a user with some admin capabilities to gain additional admin capabilities. IBM X-Force ID: 239425.

6.7 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/239425 VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/6964862 Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/239425 VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/6964862 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:ibm:qradar_security_information_and_event_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.3:-:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.3:fix_pack_1:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.3:fix_pack_2:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.3:fix_pack_3:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.3:fix_pack_4:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.3:fix_pack_5:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.3:fix_pack_6:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.3:fix_pack_7:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.4.3:fix_pack_8:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_1:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_2:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_3:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
History

No history.

Information

Published : 2023-03-22 22:15

Updated : 2024-11-21 07:27

NVD link : CVE-2022-43863

Mitre link : CVE-2022-43863

CVE.ORG link : CVE-2022-43863

JSON object : View

Products Affected

ibm

  • qradar_security_information_and_event_manager

linux

  • linux_kernel
CWE
CWE-20

Improper Input Validation

CWE-269

Improper Privilege Management