IBM QRadar XSS Flaw Lets Attackers Execute Arbitrary JavaScript Code
A significant vulnerability has been detected in IBM QRadar Suite Software and Cloud Pak for Security, allowing attackers to execute arbitrary JavaScript code.
An attacker can inject malicious executable scripts into the code of a legitimate application or web page by means of stored cross-site scripting, which affects IBM QRadar Suite Software and Cloud Pak for Security.
IBM QRadar Suite Software aids in threat detection and response and is built to help security teams outsmart threats with speed, accuracy, and efficiency.
Cloud Pak for Security can connect disparate data sources, to reveal hidden threats and make better risk-based decisions, while leaving the data where it resides.
CVE-2023-47731 – IBM QRadar Suite Software Cross-Site Scripting
With a CVSS base score of 5.4, this medium-severity vulnerability has been identified as CVE-2023-47731.
The stored cross-site scripting vulnerability affects IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.19.0.
Because of this vulnerability, users can insert any JavaScript code into the Web UI, changing the intended functionality and possibly exposing credentials within a trusted session.
“This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session”, reads the IBM X-Force Vulnerability Report.
When untrusted data enters a web application, usually through a web request, and the application dynamically builds a web page that includes that untrusted data, cross-site scripting (XSS) vulnerabilities can result.
The application does not prevent the data from containing content, such as JavaScript, HTML tags, HTML attributes, mouse events, Flash, ActiveX, etc., that can be executed by a web browser when the page is rendered.
The victim views the generated web page in a web browser. The page contains a malicious script that was inserted via the untrusted data.
As a result, the malicious script is executed by the victim’s web browser within the web server’s domain, since it originates from a page sent by that web server.
Affected Products
- IBM Cloud Pak for Security 1.10.0.0
- IBM Cloud Pak for Security 1.10.11.0
- IBM QRadar Suite Software 1.10.12.0
- IBM QRadar Suite Software 1.10.19.0
Therefore, to address this vulnerability, users are advised to apply the patch, upgrade, or recommended workaround information as soon as possible.
Source credit : cybersecuritynews.com