IBM QRadar SIEM Vulnerability Lets Attackers Perform Unauthorized Actions
A critical permission misconfiguration in the IBM QRadar Security Information and Event Management (SIEM) platform could allow local privileged users to manipulate configuration files without authorization. A local user with existing high-level privileges, such as a system administrator or support engineer, can exploit the flawed file system permissions to alter key configuration parameters, modify logging policies, or disable detection rules. Attackers could script automated modifications by invoking shell commands against protected paths.
These unauthorized changes may persist until remedied by manual intervention, and could frustrate incident response efforts by masking malicious activity in audit logs or allowing further unauthorized actions without detection.