VYPR

Qradar Network Security

by IBM

CVEs (19)

  • CVE-2017-1458 | High | Sep 5, 2017
    risk 0.53 | cvss 8.1 | epss 0.02

    IBM QRadar Network Security 5.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128377.

  • CVE-2020-4159 | High | Jul 12, 2022
    risk 0.49 | cvss 7.5 | epss 0.01

    IBM QRadar Network Security 5.4.0 and 5.5.0 discloses sensitive information to unauthorized users which could be used to mount further attacks against the system. IBM X-Force ID: 174339.

  • CVE-2020-4157 | High | Jul 12, 2022
    risk 0.49 | cvss 7.5 | epss 0.01

    IBM QRadar Network Security 5.4.0 and 5.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174337.

  • CVE-2017-1491 | High | Sep 5, 2017
    risk 0.49 | cvss 7.5 | epss 0.01

    IBM QRadar Network Security 5.4 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to…

  • CVE-2017-1457 | Medium | Sep 5, 2017
    risk 0.40 | cvss 6.1 | epss 0.01

    IBM QRadar Network Security 5.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force…

  • CVE-2020-4160 | Medium | Nov 8, 2021
    risk 0.38 | cvss 5.9 | epss 0.01

    IBM QRadar Network Security 5.4.0 and 5.5.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the…

  • CVE-2020-4152 | Medium | Nov 8, 2021
    risk 0.38 | cvss 5.9 | epss 0.01

    IBM QRadar Network Security 5.4.0 and 5.5.0 transmits sensitive or security-critical data in cleartext in a communication channel that can be obtained using man in the middle techniques. IBM X-Force ID: 17467.

  • CVE-2020-4153 | Medium | Nov 8, 2021
    risk 0.35 | cvss 5.4 | epss 0.00

    IBM QRadar Network Security 5.4.0 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.…

  • CVE-2025-36376 | Feb 17, 2026
    risk 0.00 | cvss | epss 0.00

    IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system.

  • CVE-2025-36377 | Feb 17, 2026
    risk 0.00 | cvss | epss 0.00

    IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system.

  • CVE-2025-36379 | Feb 17, 2026
    risk 0.00 | cvss | epss 0.00

    IBM Security QRadar EDR 3.12 through 3.12.23 IBM Security ReaQta uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

  • CVE-2024-38335 | Jul 22, 2025
    risk 0.00 | cvss | epss 0.00

    IBM Security QRadar Network Threat Analytics 1.0.0 through 1.3.1 could allow a privileged user to cause a denial of service due to improper allocation of resources.

  • CVE-2024-45638 | Mar 14, 2025
    risk 0.00 | cvss | epss 0.00

    IBM Security QRadar 3.12 EDR stores user credentials in plain text which can be read by a local privileged user.

  • CVE-2024-45643 | Mar 14, 2025
    risk 0.00 | cvss | epss 0.00

    IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive credential information.

  • CVE-2024-45100 | Jan 7, 2025
    risk 0.00 | cvss | epss 0.01

    IBM Security ReaQta 3.12 could allow a privileged user to cause a denial of service by sending multiple administration requests due to improper allocation of resources.

  • CVE-2024-45640 | Jan 7, 2025
    risk 0.00 | cvss | epss 0.00

    IBM Security ReaQta 3.12 returns sensitive information in an HTTP response that could be used in further attacks against the system.

  • CVE-2023-33860 | Jul 10, 2024
    risk 0.00 | cvss | epss 0.00

    IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the…

  • CVE-2023-33859 | Jul 10, 2024
    risk 0.00 | cvss | epss 0.00

    IBM Security QRadar EDR 3.12 could disclose sensitive information due to an observable login response discrepancy. IBM X-Force ID: 257697.

  • CVE-2023-35006 | Jul 10, 2024
    risk 0.00 | cvss | epss 0.00

    IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.