Invocation of Process Using Visible Sensitive Information

CVE-2024-28799

Medium

5.6/10

Summary

IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 displays sensitive data improperly to a local privileged user, in non default configurations, during back-end commands which may result in the unexpected disclosure of this information. IBM X-Force ID: 287173.

Attack Complexity: HIGH
Attack Vector: LOCAL
Integrity Impact: NONE
Scope: CHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: NONE

CWE-214 - Invocation of Process Using Visible Sensitive Information

A process is invoked with sensitive command-line arguments, environment variables, or other elements that can be seen by other processes on the operating system.

References

Advisory Timeline

Published Aug 14, 2024

Invocation of Process Using Visible Sensitive Information

CVE-2024-28799

Summary

CWE-214 - Invocation of Process Using Visible Sensitive Information

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS