CVE-2025-36051
Received
Received - Intake
Information Disclosure in IBM QRadar SIEM Configuration Files
Publication date: 2026-03-19
Last updated on: 2026-03-24
Assigner: IBM Corporation
Description
Description
IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 stores potentially sensitive information in configuration files that could be read by a local user.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ibm | qradar_security_information_and_event_manager | 7.5.0 |
| ibm | qradar_security_information_and_event_manager | 7.5.0 |
| ibm | qradar_security_information_and_event_manager | 7.5.0 |
| ibm | qradar_security_information_and_event_manager | 7.5.0 |
| ibm | qradar_security_information_and_event_manager | 7.5.0 |
| ibm | qradar_security_information_and_event_manager | 7.5.0 |
| ibm | qradar_security_information_and_event_manager | 7.5.0 |
| ibm | qradar_security_information_and_event_manager | 7.5.0 |
| ibm | qradar_security_information_and_event_manager | 7.5.0 |
| ibm | qradar_security_information_and_event_manager | 7.5.0 |
| ibm | qradar_security_information_and_event_manager | 7.5.0 |
| ibm | qradar_security_information_and_event_manager | 7.5.0 |
| ibm | qradar_security_information_and_event_manager | 7.5.0 |
| ibm | qradar_security_information_and_event_manager | 7.5.0 |
| ibm | qradar_security_information_and_event_manager | 7.5.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-538 | The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information. |
