CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
35.0%
Non-Admin access to some admin level information was available if users had correct paths to the information. Checks were added to authorize access even when it is not initiated from the user interface.
CVEID:CVE-2022-36771
**DESCRIPTION:**IBM QRadar User Behavior Analytics could allow an authenticated user to obtain sensitive information from that they should not have access to.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/232791 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
QRadar User Behavior Analytics | 4.1.8 |
Upgrade to version 4.1.9
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | ibm_qradar_siem | 4.1.9 | cpe:2.3:a:ibm:ibm_qradar_siem:4.1.9:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
35.0%