IBM CP4S & QRadar: Auth User Can Retrieve Version Info (v1.10.0.0v1.10.16.0)
CVE-2022-36777 Published on November 22, 2023
IBM Cloud Pak for Security information disclosure
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.16.0could allow an authenticated user to obtain sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 233665.
Vulnerability Analysis
CVE-2022-36777 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2022-36777 has been classified to as an Information Disclosure vulnerability or weakness.
Products Associated with CVE-2022-36777
stack.watch emails you whenever new vulnerabilities are published in IBM Qradar Suite or IBM Cloud Pak For Security. Just hit a watch button to start following.
Affected Versions
IBM Cloud Pak for Security:- Version 1.10.0.0, <= 1.10.11.0 is affected.
- Version 1.10.12.0, <= 1.10.16.0 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.