Qradar Network Security
by IBM
CVEs (19)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-1458 | Hig | 0.53 | 8.1 | 0.02 | Sep 5, 2017 | IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128377. | ||
| CVE-2020-4159 | Hig | 0.49 | 7.5 | 0.01 | Jul 12, 2022 | IBM QRadar Network Security 5.4.0 and 5.5.0 discloses sensitive information to unauthorized users which could be used to mount further attacks against the system. IBM X-Force ID: 174339. | ||
| CVE-2020-4157 | Hig | 0.49 | 7.5 | 0.01 | Jul 12, 2022 | IBM QRadar Network Security 5.4.0 and 5.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174337. | ||
| CVE-2017-1491 | Hig | 0.49 | 7.5 | 0.01 | Sep 5, 2017 | IBM QRadar Network Security 5.4 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to… | ||
| CVE-2017-1457 | Med | 0.40 | 6.1 | 0.01 | Sep 5, 2017 | IBM QRadar Network Security 5.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force… | ||
| CVE-2020-4160 | Med | 0.38 | 5.9 | 0.01 | Nov 8, 2021 | IBM QRadar Network Security 5.4.0 and 5.5.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the… | ||
| CVE-2020-4152 | Med | 0.38 | 5.9 | 0.01 | Nov 8, 2021 | IBM QRadar Network Security 5.4.0 and 5.5.0 transmits sensitive or security-critical data in cleartext in a communication channel that can be obtained using man in the middle techniques. IBM X-Force ID: 17467. | ||
| CVE-2020-4153 | Med | 0.35 | 5.4 | 0.00 | Nov 8, 2021 | IBM QRadar Network Security 5.4.0 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.… | ||
| CVE-2025-36376 | 0.00 | — | 0.00 | Feb 17, 2026 | IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system. | |||
| CVE-2025-36377 | 0.00 | — | 0.00 | Feb 17, 2026 | IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system. | |||
| CVE-2025-36379 | 0.00 | — | 0.00 | Feb 17, 2026 | IBM Security QRadar EDR 3.12 through 3.12.23 IBM Security ReaQta uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | |||
| CVE-2024-38335 | 0.00 | — | 0.00 | Jul 22, 2025 | IBM Security QRadar Network Threat Analytics 1.0.0 through 1.3.1 could allow a privileged user to cause a denial of service due to improper allocation of resources. | |||
| CVE-2024-45638 | 0.00 | — | 0.00 | Mar 14, 2025 | IBM Security QRadar 3.12 EDR stores user credentials in plain text which can be read by a local privileged user. | |||
| CVE-2024-45643 | 0.00 | — | 0.00 | Mar 14, 2025 | IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive credential information. | |||
| CVE-2024-45100 | 0.00 | — | 0.01 | Jan 7, 2025 | IBM Security ReaQta 3.12 could allow a privileged user to cause a denial of service by sending multiple administration requests due to improper allocation of resources. | |||
| CVE-2024-45640 | 0.00 | — | 0.00 | Jan 7, 2025 | IBM Security ReaQta 3.12 returns sensitive information in an HTTP response that could be used in further attacks against the system. | |||
| CVE-2023-33860 | 0.00 | — | 0.00 | Jul 10, 2024 | IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the… | |||
| CVE-2023-33859 | 0.00 | — | 0.00 | Jul 10, 2024 | IBM Security QRadar EDR 3.12 could disclose sensitive information due to an observable login response discrepancy. IBM X-Force ID: 257697. | |||
| CVE-2023-35006 | 0.00 | — | 0.00 | Jul 10, 2024 | IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. |
- risk 0.53cvss 8.1epss 0.02
IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128377.
- risk 0.49cvss 7.5epss 0.01
IBM QRadar Network Security 5.4.0 and 5.5.0 discloses sensitive information to unauthorized users which could be used to mount further attacks against the system. IBM X-Force ID: 174339.
- risk 0.49cvss 7.5epss 0.01
IBM QRadar Network Security 5.4.0 and 5.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174337.
- risk 0.49cvss 7.5epss 0.01
IBM QRadar Network Security 5.4 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to…
- risk 0.40cvss 6.1epss 0.01
IBM QRadar Network Security 5.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force…
- risk 0.38cvss 5.9epss 0.01
IBM QRadar Network Security 5.4.0 and 5.5.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the…
- risk 0.38cvss 5.9epss 0.01
IBM QRadar Network Security 5.4.0 and 5.5.0 transmits sensitive or security-critical data in cleartext in a communication channel that can be obtained using man in the middle techniques. IBM X-Force ID: 17467.
- risk 0.35cvss 5.4epss 0.00
IBM QRadar Network Security 5.4.0 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.…
- CVE-2025-36376Feb 17, 2026risk 0.00cvss —epss 0.00
IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system.
- CVE-2025-36377Feb 17, 2026risk 0.00cvss —epss 0.00
IBM Security QRadar EDR 3.12 through 3.12.23 does not invalidate session after a session expiration which could allow an authenticated user to impersonate another user on the system.
- CVE-2025-36379Feb 17, 2026risk 0.00cvss —epss 0.00
IBM Security QRadar EDR 3.12 through 3.12.23 IBM Security ReaQta uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
- CVE-2024-38335Jul 22, 2025risk 0.00cvss —epss 0.00
IBM Security QRadar Network Threat Analytics 1.0.0 through 1.3.1 could allow a privileged user to cause a denial of service due to improper allocation of resources.
- CVE-2024-45638Mar 14, 2025risk 0.00cvss —epss 0.00
IBM Security QRadar 3.12 EDR stores user credentials in plain text which can be read by a local privileged user.
- CVE-2024-45643Mar 14, 2025risk 0.00cvss —epss 0.00
IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive credential information.
- CVE-2024-45100Jan 7, 2025risk 0.00cvss —epss 0.01
IBM Security ReaQta 3.12 could allow a privileged user to cause a denial of service by sending multiple administration requests due to improper allocation of resources.
- CVE-2024-45640Jan 7, 2025risk 0.00cvss —epss 0.00
IBM Security ReaQta 3.12 returns sensitive information in an HTTP response that could be used in further attacks against the system.
- CVE-2023-33860Jul 10, 2024risk 0.00cvss —epss 0.00
IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the…
- CVE-2023-33859Jul 10, 2024risk 0.00cvss —epss 0.00
IBM Security QRadar EDR 3.12 could disclose sensitive information due to an observable login response discrepancy. IBM X-Force ID: 257697.
- CVE-2023-35006Jul 10, 2024risk 0.00cvss —epss 0.00
IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.