Severity by source
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 stores potentially sensitive information in log files that could be read by a local user.
Analysis
IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 stores potentially sensitive information in log files that could be read by a local user.
Technical ContextAI
Information disclosure occurs when an application inadvertently reveals sensitive data to unauthorized actors through error messages, logs, or improper access controls. This vulnerability is classified as Insertion of Sensitive Information into Log File (CWE-532).
RemediationAI
Implement proper access controls. Sanitize error messages in production. Review logging practices to avoid capturing sensitive data.
IBM QRadar SIEM versions 7.5 through 7.5.0 Update Package 12 contains a privilege escalation vulnerability that allows a
IBM QRadar SIEM versions 7.5 through 7.5.0 Update Package 12 contain an XML External Entity (XXE) injection vulnerabilit
IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.8), this vulnerability is remot
IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in configuration files in source control which can be rea
IBM QRadar SIEM 7.5 through 7.5 Update Pack 13 Independent Fix 01 could allow a local privileged user to perform unautho
IBM QRadar SIEM 7.5 through 7.5.0 Dashboard is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), thi
IBM QRadar SIEM 7.5 through 7.5.0 UP13 could allow an authenticated user to escalate their privileges via a misconfigure
IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 12 is vulnerable to stored cross-site scripting. Rated medium severity (CV
IBM QRadar SIEM 7.5 transmits sensitive or security-critical data in cleartext in a communication channel that could be
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-25799