CVE-2021-38939

MEDIUM

IBM QRadar SIEM <7.5 - Info Disclosure

Title source: llm
STIX 2.1

Description

IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive information in log files that could be read by an user with access to creating domains. IBM X-Force ID: 211037.

References (2)

Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6574787
VDB Entry, Vendor Advisory vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/211037

Scores

CVSS v3 5.3
EPSS 0.0028
EPSS Percentile 51.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-532
Status published
Products (4)
ibm/qradar_security_information_and_event_manager 7.3.3 (10 CPE variants)
ibm/qradar_security_information_and_event_manager 7.4.3 (4 CPE variants)
ibm/qradar_security_information_and_event_manager 7.5.0
ibm/qradar_security_information_and_event_manager 7.3.0 - 7.3.3
Published Apr 27, 2022
Tracked Since Feb 18, 2026