VYPR

QRadar SIEM

by IBM

CVEs (197)

  • CVE-2020-4511 | Med | Jul 14, 2020
    risk 0.42 | cvss 6.5 | epss 0.01

    IBM QRadar SIEM 7.3 and 7.4 could allow an authenticated user to cause a denial of service of the qflow process by sending a malformed sflow command. IBM X-Force ID: 182366.

  • CVE-2020-4151 | Med | Apr 14, 2020
    risk 0.42 | cvss 6.5 | epss 0.01

    IBM QRadar SIEM 7.3.0 through 7.3.3 could allow an authenticated attacker to perform unauthorized actions due to improper input validation. IBM X-Force ID: 174201.

  • CVE-2017-1723 | Med | Apr 26, 2018
    risk 0.42 | cvss 6.5 | epss 0.03

    IBM Security QRadar SIEM 7.2 and 7.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 134812.

  • CVE-2016-9750 | Med | May 15, 2017
    risk 0.42 | cvss 6.5 | epss 0.01

    IBM QRadar 7.2 and 7.3 stores user credentials in clear text, which can be read by an authenticated user. IBM X-Force ID: 120207.

  • CVE-2016-9729 | Med | Mar 7, 2017
    risk 0.42 | cvss 6.5 | epss 0.01

    IBM QRadar 7.2 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM Reference #: 1999545.

  • CVE-2016-2881 | Med | Nov 30, 2016
    risk 0.42 | cvss 6.5 | epss 0.01

    IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 and QRadar Incident Forensics 7.2 before 7.2.7 allow remote attackers to bypass intended access restrictions via modified request parameters.

  • CVE-2020-4294 | Med | Apr 15, 2020
    risk 0.41 | cvss 6.3 | epss 0.01

    IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 176404.

  • CVE-2020-4271 | Med | Apr 15, 2020
    risk 0.41 | cvss 6.3 | epss 0.02

    IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to send a specially crafted command which would be executed as a lower privileged user. IBM X-Force ID: 175897.

  • CVE-2017-1722 | Med | Apr 26, 2018
    risk 0.41 | cvss 6.3 | epss 0.01

    IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 134811.

  • CVE-2021-29849 | Med | Dec 1, 2021
    risk 0.40 | cvss 6.1 | epss 0.01

    IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2021-20392 | Med | May 14, 2021
    risk 0.40 | cvss 6.1 | epss 0.01

    IBM QRadar User Behavior Analytics 1.0.0 through 4.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted…

  • CVE-2021-20397 | Med | May 5, 2021
    risk 0.40 | cvss 6.1 | epss 0.01

    IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2020-4513 | Med | Jul 14, 2020
    risk 0.40 | cvss 6.1 | epss 0.01

    IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2019-4581 | Med | Nov 9, 2019
    risk 0.40 | cvss 6.1 | epss 0.01

    IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force…

  • CVE-2018-2021 | Med | Jul 17, 2019
    risk 0.40 | cvss 6.1 | epss 0.01

    IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2017-1724 | Med | Apr 26, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…

  • CVE-2017-1623 | Med | Jan 10, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133121.

  • CVE-2016-9723 | Med | Mar 7, 2017
    risk 0.40 | cvss 6.1 | epss 0.01

    IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999534.

  • CVE-2023-26276 | Med | Jun 27, 2023
    risk 0.38 | cvss 5.9 | epss 0.00

    IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 248147.

  • CVE-2022-34351 | Med | Feb 17, 2023
    risk 0.38 | cvss 5.9 | epss 0.00

    IBM QRadar SIEM 7.4 and 7.5 is vulnerable to information exposure allowing a non-tenant user with a specific domain security profile assigned to see some data from other domains. IBM X-Force ID: 230402.
