IBM QRadar & Cloud Pak: Weak Password Policy (1.10.12-1.10.18)
CVE-2024-22355 Published on March 3, 2024

IBM QRadar Suite information dislosure
IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 280781.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2024-22355 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Attack Vector:
NETWORK
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
NONE
Availability Impact:
NONE

Weakness Type

Weak Password Requirements

The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts. Authentication mechanisms often rely on a memorized secret (also known as a password) to provide an assertion of identity for a user of a system. It is therefore important that this password be of sufficient complexity and impractical for an adversary to guess. The specific requirements around how complex a password needs to be depends on the type of system being protected. Selecting the correct password requirements and enforcing them through implementation are critical to the overall success of the authentication mechanism.


Products Associated with CVE-2024-22355

stack.watch emails you whenever new vulnerabilities are published in IBM Cloud Pak For Security or IBM Qradar Suite. Just hit a watch button to start following.

IBM Cloud Pak For Security
 
IBM Qradar Suite
 

Affected Versions

IBM QRadar Suite Products: IBM Cloud Pak for Security:

Exploit Probability

EPSS
0.06%
Percentile
19.00%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.