CVE-2023-22875 HIGH

CVE-2023-22875: IBM Security QRadar SIEM information disclosure

Vendor Ibm

Product Security QRadar SIEM

Weakness CWE-200 · Info exposure

Published January 17, 2023

Last update April 4, 2025

View on NVD All CVEs

CVSS base score

8.4/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

What the vulnerability does

01Description

IBM QRadar SIEM 7.4 and 7.5copies certificate key files used for SSL/TLS in the QRadar web user interface to managed hosts in the deployment that do not require that key. IBM X-Force ID: 244356.

Key dates

02Disclosure timeline

January 17, 2023 CVE published

April 4, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-22875

Related vulnerabilities

04Related CVE

CVE-2024-40647 Unintentional exposure of environment variables to subprocesses in sentry-sdk CVE-2021-24164 Ninja Forms < 3.4.34.1 - Authenticated OAuth Connection Key Disclosure CVE-2023-3349 Information exposure on IBERMATICA RPS CVE-2024-9541 News Kit Elementor Addons <= 1.2.1 - Authenticated (Contributor+) Sensitive Information Exposure via Canvas Menu Elementor Template CVE-2018-1059