VYPR

Qradar Security Information And Event Manager

by IBM

CVEs (79)

  • CVE-2016-2881MedNov 30, 2016
    risk 0.42cvss 6.5epss 0.01

    IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 and QRadar Incident Forensics 7.2 before 7.2.7 allow remote attackers to bypass intended access restrictions via modified request parameters.

  • CVE-2016-9723MedMar 7, 2017
    risk 0.40cvss 6.1epss 0.01

    IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999534.

  • CVE-2016-9972MedJun 27, 2017
    risk 0.38cvss 5.9epss 0.01

    IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM…

  • CVE-2017-1234MedJun 27, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123913.

  • CVE-2017-1133MedMar 7, 2017
    risk 0.35cvss 5.4epss 0.01

    IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999534.

  • CVE-2016-9725MedMar 7, 2017
    risk 0.35cvss 5.3epss 0.01

    IBM QRadar Incident Forensics 7.2 allows for Cross-Origin Resource Sharing (CORS), which is a mechanism that allows web sites to request resources from external sites, avoiding the need to duplicate them. IBM Reference #: 1999539.

  • CVE-2016-9720MedMar 7, 2017
    risk 0.35cvss 5.3epss 0.01

    IBM QRadar 7.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM Reference #: 1999533.

  • CVE-2016-2869MedNov 30, 2016
    risk 0.35cvss 5.4epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the UI in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote authenticated users to inject arbitrary web script or HTML via crafted fields in a URL.

  • CVE-2016-2872MedJul 2, 2016
    risk 0.35cvss 5.3epss 0.02

    Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.7 and QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to read arbitrary files via a crafted URL.

  • CVE-2015-4957MedFeb 15, 2016
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

  • CVE-2015-2005MedFeb 15, 2016
    risk 0.35cvss 5.3epss 0.01

    IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x before 7.2.5 Patch 6 does not properly expire sessions, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation.

  • CVE-2015-7409MedJan 1, 2016
    risk 0.35cvss 5.4epss 0.01

    Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.6 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified field.

  • CVE-2015-2007MedJan 3, 2016
    risk 0.33cvss 5.0epss 0.01

    Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.5 Patch 6 allows remote authenticated users to read arbitrary files via a crafted URL.

  • CVE-2015-2008MedFeb 15, 2016
    risk 0.29cvss 4.4epss 0.01

    IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x before 7.2.6 includes SSH private keys during backup operations, which allows remote authenticated administrators to obtain sensitive information by reading a backup archive.

  • CVE-2016-9730MedMar 7, 2017
    risk 0.28cvss 4.3epss 0.00

    IBM QRadar Incident Forensics 7.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Reference #: 1999549.

  • CVE-2016-2877LowNov 30, 2016
    risk 0.21cvss 3.3epss 0.00

    IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses weak permissions for unspecified directories under the web root, which allows local users to modify data by writing to a file.

  • CVE-2016-2874LowNov 30, 2016
    risk 0.20cvss 3.1epss 0.01

    IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 mishandles authorization, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

  • CVE-2016-2868LowJul 2, 2016
    risk 0.18cvss 2.7epss 0.01

    IBM Security QRadar SIEM 7.2.x before 7.2.7 allows remote authenticated administrators to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

  • CVE-2025-36051Mar 19, 2026
    risk 0.00cvss epss 0.00

    IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 stores potentially sensitive information in configuration files that could be read by a local user.

  • CVE-2025-13995Mar 19, 2026
    risk 0.00cvss epss 0.00

    IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 could allow an attacker with access to one tenant to access hostname data from another tenant's account.