IBM QRadar XSS Flaw Allows Arbitrary JavaScript Execution

A significant vulnerability was detected in IBM QRadar Suite Software and Cloud Pak for Security, allowing attackers to execute arbitrary JavaScript code.

The flaw is a stored cross-site scripting (XSS) issue, a class of bug in which an attacker inserts harmful executable scripts into the code of a trusted program or website. It affects IBM QRadar Suite Software and Cloud Pak for Security.

The IBM QRadar Suite Software aids in threat detection and response and is built to help your security teams outsmart threats with speed, accuracy, and efficiency.

The Cloud Pak for Security can connect disparate data sources — to uncover hidden threats and make better risk-based decisions — while leaving the data where it resides. 

CVE-2023-47731 – IBM QRadar Suite Software Cross-Site Scripting

With a CVSS base score of 5.4, this medium-severity vulnerability has been identified as CVE-2023-47731.

The stored cross-site scripting vulnerability affects IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.19.0.

Because of this vulnerability, users can embed arbitrary JavaScript code in the Web UI, altering its intended functionality and potentially exposing credentials within a trusted session.

“This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session”, reads the IBM X-Force Vulnerability Report.

When untrusted data enters a web application—usually through a web request—the web program dynamically creates a web page with the untrusted data on it, which can lead to cross-site scripting (XSS) vulnerabilities.

The application does not stop the data from containing content—such as JavaScript, HTML tags, HTML attributes, mouse events, Flash, ActiveX, etc.—that can be executed by a web browser while the page is being generated.

The victim views the generated webpage in a web browser. The page contains a malicious script that was injected through the untrusted data.

Because the script arrives in a webpage sent by the web server, the victim’s web browser executes it within the web server’s domain.
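The page-generation step described above can be shown with an added example that is not IBM's code or part of the original article: a stored value rendered into HTML as-is, next to the same render with output encoding. The note store, field names, sample values, and the `findActiveMarkup` helper are constructed for illustration.

```javascript
// Constructed sample data: notes saved earlier by users and later shown to others.
// The second record carries markup in both an attribute value and the body.
const storedNotes = [
  { author: "analyst1", body: "Escalated case 42 to tier 2" },
  { author: 'x" onmouseover="alert(1)', body: "<script>alert(1)</script>" },
];

// Encode the characters that let data break out of HTML text
// or out of a quoted attribute value.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable pattern: stored data is concatenated into the page unchanged,
// so the browser parses it as markup from the server's own origin.
function renderNoteUnsafe(note) {
  return `<div class="note" title="${note.author}">${note.body}</div>`;
}

// Hardened pattern: every stored value is encoded at output time,
// so the browser treats it as text, not as tags or attributes.
function renderNoteSafe(note) {
  return `<div class="note" title="${escapeHtml(note.author)}">${escapeHtml(note.body)}</div>`;
}

// Coarse review aid for this demo only (not a sanitizer): report script tags
// and inline event-handler attributes that survived into the generated HTML.
function findActiveMarkup(html) {
  const hits = [];
  if (/<script\b/i.test(html)) hits.push("script-tag");
  if (/\son\w+\s*=\s*["']/i.test(html)) hits.push("event-handler");
  return hits;
}

for (const note of storedNotes) {
  console.log("unsafe:", findActiveMarkup(renderNoteUnsafe(note)));
  console.log("safe:  ", findActiveMarkup(renderNoteSafe(note)));
}
```

Encoding at output time is the primary fix; a restrictive Content-Security-Policy header is a useful second layer if an encoding step is ever missed.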

Affected Products

  • IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0
  • IBM QRadar Suite Software 1.10.12.0 through 1.10.19.0

To resolve this vulnerability, apply the patch, upgrade, or recommended workaround as soon as feasible.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.