Description
IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Published: 2026-03-19
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Cross‑Site Scripting leading to credential disclosure within a trusted session
Action: Immediate Patch
AI Analysis

Impact

IBM QRadar SIEM 7.5.0 through Update Pack 14 contains a stored cross‑site scripting flaw that allows an authenticated user to inject and execute arbitrary JavaScript within the web interface, potentially exfiltrating session credentials or performing actions on behalf of the user. This is a classic XSS weakness, identified as CWE‑79, which directly compromises the confidentiality of session data.

Affected Systems

The vulnerability affects IBM QRadar SIEM version 7.5.0 and any of its Update Packs 1 through 14. Systems running these versions or applying any of the listed update packs are at risk.

Risk and Exploitability

With a CVSS score of 5.4 and an EPSS of less than 1 %, exploitation is moderately difficult and unlikely to be widely automated. The vulnerability requires an authenticated user with access to the UI, implying that attackers must first compromise or gain legitimate credentials. Because the flaw is not listed in CISA’s KEV catalog, it is not known to be actively exploited in the wild. Nevertheless, attackers could leverage this to hijack sessions and exfiltrate sensitive credentials within an otherwise trusted session.

Generated by OpenCVE AI on March 24, 2026 at 22:29 UTC.

Remediation

Vendor Solution

ProductVersionFixIBM QRadar SIEM 7.5.0 7.5.0 UP15 https://www.ibm.com/support/fixcentral/swg/selectFixes  ( Release Notes https://www.ibm.com/support/pages/node/7257011 )

OpenCVE Recommended Actions

  • Install IBM QRadar SIEM 7.5.0 Update Pack 15
  • Verify that the update deploys successfully and test the web interface for any remaining XSS payloads
  • If the update cannot be applied, restrict access to the web UI and remove privilege of users who are not required to use the affected functionality

Generated by OpenCVE AI on March 24, 2026 at 22:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 24 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_10:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_11:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_12:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_13:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_1:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_2:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_3:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_4:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_5:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_6:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_7:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_8:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_9:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel

Thu, 19 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 19 Mar 2026 02:15:00 +0000

Type Values Removed Values Added
Description IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Title IBM QRadar SIEM Cross-Site Scripting
First Time appeared Ibm
Ibm qradar Security Information And Event Manager
Weaknesses CWE-79
CPEs cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_14:*:*:*:*:*:*
Vendors & Products Ibm
Ibm qradar Security Information And Event Manager
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}

Subscriptions

Ibm Qradar Security Information And Event Manager
Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-03-19T17:00:43.668Z

Reserved: 2026-01-20T21:59:24.894Z

Link: CVE-2026-1276

cve-icon Vulnrichment

Updated: 2026-03-19T17:00:40.294Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-19T03:16:01.657

Modified: 2026-03-24T21:13:48.700

Link: CVE-2026-1276

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T11:55:30Z

Weaknesses