CVE-2023-47726

7.1 HIGH

📋 TL;DR

This vulnerability in IBM QRadar Suite and Cloud Pak for Security allows authenticated users to execute arbitrary commands due to improper input validation. It affects versions 1.10.12.0 through 1.10.21.0. Attackers with valid credentials could potentially gain unauthorized system access.

💻 Affected Systems

Products:
  • IBM QRadar Suite Software
  • IBM Cloud Pak for Security
Versions: 1.10.12.0 through 1.10.21.0
Operating Systems: Linux-based systems running IBM software
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access; default configurations are vulnerable if within affected version range.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Authenticated attacker gains full system compromise, executes arbitrary commands with elevated privileges, and potentially pivots to other systems.

🟠 Likely Case

Authenticated user exploits the vulnerability to execute limited commands, potentially accessing sensitive data or disrupting services.

🟢 If Mitigated

With proper authentication controls and network segmentation, impact is limited to authorized users within their permitted scope.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires authenticated access and knowledge of vulnerable endpoints; no public exploit code known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 1.10.21.0

Vendor Advisory: https://www.ibm.com/support/pages/node/7157750

Restart Required: Yes

Instructions:

1. Review the IBM advisory.
2. Apply the IBM-provided patches.
3. Restart affected services.
4. Verify patch installation.

🔧 Temporary Workarounds

Restrict User Access (applies to: all)

Limit authenticated user access to the minimum required privileges.

Network Segmentation (applies to: all)

Isolate affected systems from critical infrastructure.

🧯 If You Can't Patch

  • Implement strict access controls and monitor authenticated user activity.
  • Deploy network-based intrusion detection for command execution patterns.

🔍 How to Verify

Check if Vulnerable:

Check the IBM QRadar Suite / Cloud Pak for Security version via the admin console, or on the host with the command: cat /opt/ibm/si/version.txt

Check Version:

cat /opt/ibm/si/version.txt

Verify Fix Applied:

Verify that the installed version is above 1.10.21.0 and check the IBM patch logs.
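The check above reduces to comparing the installed version against the affected range 1.10.12.0 through 1.10.21.0. A plain string comparison gets this wrong ("1.10.9.0" sorts after "1.10.21.0" as text), so the comparison has to be numeric, component by component. The script below is an added example, not code from IBM or from this advisory; it assumes the version file named above contains a dotted version string somewhere in its text, and uses constructed sample values rather than real host output.

```python
"""Added example: classify an IBM QRadar Suite / Cloud Pak for Security
version against the CVE-2023-47726 affected range (1.10.12.0 through
1.10.21.0 inclusive, per the advisory). Not vendor code."""
import os
import re

AFFECTED_MIN = (1, 10, 12, 0)
AFFECTED_MAX = (1, 10, 21, 0)
# Path as given in the advisory's "Check Version" step; its exact file
# format is an assumption (we only require a dotted version somewhere in it).
VERSION_FILE = "/opt/ibm/si/version.txt"

_VERSION_RE = re.compile(r"\d+(?:\.\d+)+")


def parse_version(text: str) -> tuple:
    """Extract the first dotted version in `text` and return it as a tuple
    of ints, padded to four components so '1.10.15' compares like
    '1.10.15.0'. Tuples of ints compare numerically, unlike strings."""
    match = _VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no dotted version found in {text!r}")
    nums = tuple(int(p) for p in match.group(0).split("."))
    if len(nums) < 4:
        nums = nums + (0,) * (4 - len(nums))
    return nums


def is_affected(version: str) -> bool:
    """True if the version lies inside the affected range (inclusive)."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def assess(version: str) -> str:
    """VULNERABLE inside the range, FIXED above it, OUTSIDE_RANGE below it
    (versions older than 1.10.12.0 are not listed as affected)."""
    v = parse_version(version)
    if AFFECTED_MIN <= v <= AFFECTED_MAX:
        return "VULNERABLE"
    if v > AFFECTED_MAX:
        return "FIXED"
    return "OUTSIDE_RANGE"


def assess_host(path: str = VERSION_FILE) -> str:
    """Read the version file on a real host; UNKNOWN when it is absent
    (e.g. when run off-box), so the caller never mistakes that for FIXED."""
    if not os.path.exists(path):
        return "UNKNOWN"
    with open(path, encoding="utf-8") as fh:
        return assess(fh.read())


# Constructed sample values for demonstration, not real host output.
SAMPLES = ["1.10.12.0", "1.10.21.0", "1.10.9.0", "1.10.22.0", "Version: 1.10.15"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:>22}: {assess(sample)}")
    print(f"local host ({VERSION_FILE}): {assess_host()}")
```

Run it on the host after reading the version file to get a VULNERABLE / FIXED verdict instead of eyeballing the string; the UNKNOWN result is deliberate so that a missing or relocated version file is investigated rather than silently treated as patched.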

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution patterns in application logs
  • Authentication logs showing unexpected user activity

Network Indicators:

  • Suspicious outbound connections from QRadar/Cloud Pak systems

SIEM Query:

source="qradar" AND (event="command_execution" OR event="shell")
