
IBM QRadar XSS Flaw Lets Attackers Execute Arbitrary JavaScript Code

A significant vulnerability was detected in IBM QRadar Suite Software and Cloud Pak for Security, allowing attackers to execute arbitrary JavaScript code.

Through stored cross-site scripting, an attacker can insert malicious executable scripts into the code of a trusted application or website. The flaw affects IBM QRadar Suite Software and Cloud Pak for Security.

The IBM QRadar Suite Software aids in threat detection and response and is built to help your security teams outsmart threats with speed, accuracy, and efficiency.

The Cloud Pak for Security can connect disparate data sources — to uncover hidden threats and make better risk-based decisions — while leaving the data where it resides. 

CVE-2023-47731 – IBM QRadar Suite Software Cross-Site Scripting

With a CVSS base score of 5.4, this medium-severity vulnerability has been identified as CVE-2023-47731.

The stored cross-site scripting vulnerability affects IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.19.0.

Because of this vulnerability, users can insert any JavaScript code into the Web UI, changing the intended functionality and perhaps exposing credentials inside of a trusted session.

“This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session”, reads the IBM X-Force Vulnerability Report.

When untrusted data enters a web application—usually through a web request—the web program dynamically creates a web page with the untrusted data on it, which can lead to cross-site scripting (XSS) vulnerabilities.

The application does not stop the data from containing content—such as JavaScript, HTML tags, HTML attributes, mouse events, Flash, ActiveX, etc.—that can be executed by a web browser while the page is being generated.


The victim then views the generated page in a web browser. That page contains a malicious script that was injected through the untrusted data.

Hence, the malicious script is executed by the victim’s web browser within the web server’s domain since it originates from a webpage sent by the web server.
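The mechanism described above, shown as an added example (generic illustration, not code from IBM or from the original article): stored values rendered without encoding, beside the same template with output encoding applied. The `notes` records, the function names and the sample strings are constructed for illustration.

```javascript
// Added illustration; notes, renderUnsafe, renderSafe, injectedMarkup are hypothetical names.
// Constructed sample input: values users saved earlier, now read back from storage.
const notes = [
  { author: 'alice', body: 'Offense closed as false positive' },
  { author: 'mallory', body: '<script>document.title="xss"</script>' },
  { author: 'x" onmouseover="document.title=1', body: 'hover me' },
];

// Vulnerable pattern: stored values are concatenated into markup unchanged.
function renderUnsafe(note) {
  return `<li title="${note.author}">${note.body}</li>`;
}

// Neutralise the characters that let data break out of element text
// or out of a quoted attribute value.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hardened pattern: encode at output time, for every stored field.
function renderSafe(note) {
  return `<li title="${escapeHtml(note.author)}">${escapeHtml(note.body)}</li>`;
}

// Regression check: the template emits exactly one opening tag (<li>) with
// exactly one attribute (title). Anything more came from the stored data.
function injectedMarkup(html) {
  const tags = html.match(/<[a-zA-Z][^>]*>/g) || [];
  // Drop quoted attribute values so text inside them is not counted as attributes.
  const attrs = (tags[0] || '').replace(/"[^"]*"/g, '').match(/\s[a-zA-Z-]+=/g) || [];
  return tags.length !== 1 || attrs.length !== 1;
}

for (const note of notes) {
  console.log(note.author, '| unsafe injects:', injectedMarkup(renderUnsafe(note)),
    '| safe injects:', injectedMarkup(renderSafe(note)));
}
```

The second record adds a tag of its own and the third adds an event-handler attribute when rendered unsafely; with encoding, both remain inert text inside the single `<li>` element.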

Affected Products

  • IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0
  • IBM QRadar Suite Software 1.10.12.0 through 1.10.19.0

To resolve this vulnerability, apply the patch, upgrade, or recommended workaround as soon as feasible.


Guru Baran
