Description
IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 could allow an attacker with access to one tenant to access hostname data from another tenant's account.
Published: 2026-03-19
Score: 5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Information Disclosure
Action: Immediate Patch
AI Analysis

Impact

IBM QRadar SIEM 7.5.0 and its Update Packages up to Update Package 14 contain a flaw that lets an authenticated user who can access one tenant retrieve hostname data belonging to another tenant. This reveals system configuration details that could assist an attacker in further reconnaissance or lateral movement. The vulnerability is classified as CWE‑1286, representing unintended disclosure of sensitive information.

Affected Systems

The affected product is IBM QRadar Security Information and Event Manager, version 7.5.0, including all incremental Update Packages 1 through 14. Installations of any of these builds are vulnerable; earlier releases or systems upgraded to Update Package 15 or later are not impacted.

Risk and Exploitability

The CVSS score of 5.0 indicates moderate severity, while the EPSS score of less than 1% signals a low likelihood of widespread exploitation. Based on the description, the attack requires legitimate access to one tenant, narrowing the risk to internal or privileged users. The vulnerability is not listed in the CISA KEV catalog and no public exploit is currently documented.

Generated by OpenCVE AI on March 23, 2026 at 20:28 UTC.

Remediation

Vendor Solution

ProductVersionFixIBM QRadar SIEM 7.5.0 7.5.0 UP15 https://www.ibm.com/support/fixcentral/swg/selectFixes  ( Release Notes https://www.ibm.com/support/pages/node/7257011 )

OpenCVE Recommended Actions

  • Apply IBM QRadar SIEM Update Package 15 (7.5.0 UP15) from IBM Fix Central.
  • Verify that the QRadar installation has been upgraded to a non‑vulnerable version before allowing tenant access.
  • If the upgrade cannot be performed immediately, restrict tenant access or isolate tenants into separate deployments to prevent cross‑tenant data exposure.

Generated by OpenCVE AI on March 23, 2026 at 20:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 23 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_10:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_11:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_12:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_13:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_1:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_2:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_3:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_4:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_5:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_6:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_7:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_8:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_9:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel

Fri, 20 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 19 Mar 2026 02:15:00 +0000

Type Values Removed Values Added
Description IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 could allow an attacker with access to one tenant to access hostname data from another tenant's account.
Title IBM QRadar SIEM Information Disclosure
First Time appeared Ibm
Ibm qradar Security Information And Event Manager
Weaknesses CWE-1286
CPEs cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_14:*:*:*:*:*:*
Vendors & Products Ibm
Ibm qradar Security Information And Event Manager
References
Metrics cvssV3_1

{'score': 5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N'}

Subscriptions

Ibm Qradar Security Information And Event Manager
Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-03-20T18:11:24.804Z

Reserved: 2025-12-03T20:00:25.471Z

Link: CVE-2025-13995

cve-icon Vulnrichment

Updated: 2026-03-20T17:57:23.461Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-19T03:16:01.053

Modified: 2026-03-23T18:07:04.383

Link: CVE-2025-13995

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T11:55:28Z

Weaknesses