CVE-2023-47727

4.3 MEDIUM

📋 TL;DR

This vulnerability in IBM Cloud Pak for Security and IBM QRadar Suite Software allows authenticated users to modify dashboard parameters due to improper input validation. It affects versions 1.10.0.0 through 1.10.11.0 of Cloud Pak for Security and 1.10.12.0 through 1.10.20.0 of QRadar Suite. Attackers could potentially manipulate dashboard settings to view unauthorized data or disrupt monitoring capabilities.

💻 Affected Systems

Products:
  • IBM Cloud Pak for Security
  • IBM QRadar Suite Software
Versions: Cloud Pak for Security: 1.10.0.0 through 1.10.11.0; QRadar Suite: 1.10.12.0 through 1.10.20.0
Operating Systems: Linux-based platforms running IBM software
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access to dashboard functionality. All deployments within affected version ranges are vulnerable unless patched.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An authenticated attacker could modify dashboard parameters to access sensitive data from other users' dashboards, manipulate monitoring displays to hide malicious activity, or disrupt security operations by corrupting dashboard configurations.

🟠 Likely Case

Authenticated users with dashboard access could modify parameters to customize views beyond their intended permissions, potentially viewing data they shouldn't have access to or altering dashboard functionality.

🟢 If Mitigated

With proper access controls and monitoring, impact is limited to minor dashboard configuration changes that can be detected and reverted without data loss or system compromise.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access to the dashboard interface. The vulnerability involves improper input validation that could be exploited through normal dashboard parameter manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: IBM Cloud Pak for Security 1.10.12.0 and later; IBM QRadar Suite Software 1.10.21.0 and later

Vendor Advisory: https://www.ibm.com/support/pages/node/7149968

Restart Required: Yes

Instructions:

1. Download the appropriate fix from IBM Fix Central.
2. Back up the current configuration.
3. Apply the patch following IBM's installation instructions.
4. Restart affected services.
5. Verify dashboard functionality post-update.

🔧 Temporary Workarounds

Restrict Dashboard Access

all

Limit dashboard access to only necessary users through role-based access controls

Monitor Dashboard Changes

all

Implement logging and monitoring for dashboard parameter modifications

🧯 If You Can't Patch

  • Implement strict access controls to limit dashboard access to trusted users only
  • Enable detailed audit logging for all dashboard modifications and review logs regularly

🔍 How to Verify

Check if Vulnerable:

Check the installed version of IBM Cloud Pak for Security or QRadar Suite against affected version ranges

Check Version:

For IBM Cloud Pak for Security: Check the version in the administration console or use 'oc get pods' to inspect container versions. For QRadar Suite: Check the version in the QRadar Console under Admin > System and License Management.

Verify Fix Applied:

Verify the software version is at or above the patched versions: Cloud Pak for Security >= 1.10.12.0 or QRadar Suite >= 1.10.21.0
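The version check above can be scripted across an inventory. The following is an added example, not IBM tooling or code from the advisory: it compares dotted versions numerically against the ranges listed on this page, since a plain string comparison would sort 1.10.9.0 above 1.10.11.0. The hostnames, inventory rows and status labels are assumptions made for illustration.

```python
import re

# Affected ranges and first fixed versions, copied from this page.
ADVISORY = {
    "cloud pak for security": ("1.10.0.0", "1.10.11.0", "1.10.12.0"),
    "qradar suite": ("1.10.12.0", "1.10.20.0", "1.10.21.0"),
}


def parse_version(text):
    """Parse '1.10.9.0' into (1, 10, 9, 0) for numeric comparison."""
    text = text.strip().lstrip("vV")
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))  # pad 1.10.12 to 1.10.12.0


def classify(product, version):
    """Return 'vulnerable', 'fixed', 'not-listed', or an error label."""
    key = product.lower().replace("ibm ", "").replace(" software", "").strip()
    if key not in ADVISORY:
        return "unknown-product"
    try:
        v = parse_version(version)
    except ValueError:
        return "unparseable-version"
    first, last, fixed = (parse_version(x) for x in ADVISORY[key])
    if first <= v <= last:
        return "vulnerable"
    if v >= fixed:
        return "fixed"
    return "not-listed"  # outside every range the page gives; check the advisory


def audit(inventory):
    """Map each (host, product, version) row to its classification."""
    return {host: classify(product, version) for host, product, version in inventory}


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE = [
    ("soc-a", "IBM Cloud Pak for Security", "1.10.9.0"),
    ("soc-b", "IBM QRadar Suite Software", "1.10.20.0"),
    ("soc-c", "IBM QRadar Suite Software", "1.10.21.0"),
    ("soc-d", "IBM Cloud Pak for Security", "unknown"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Rows reported as `unparseable-version` or `not-listed` need a manual check against the vendor advisory rather than being treated as safe.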

📡 Detection & Monitoring

Log Indicators:

  • Unusual dashboard parameter modifications
  • Multiple failed dashboard access attempts followed by successful modifications
  • Dashboard configuration changes from unexpected user accounts

Network Indicators:

  • Increased API calls to dashboard configuration endpoints
  • Unusual patterns in dashboard-related HTTP requests

SIEM Query:

source="ibm_security" AND (event_type="dashboard_modification" OR action="parameter_change") | stats count by user, dashboard_name
