QRadar SIEM
by IBM
CVEs (197)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-29779 | Med | 0.38 | 5.9 | 0.01 | Dec 1, 2021 | IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitive information due to the server performing key exchange without entity authentication on inter-host communications using man in the middle techniques. IBM X-Force ID: 203033. | ||
| CVE-2019-4594 | Med | 0.38 | 5.9 | 0.01 | Apr 15, 2020 | IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle… | ||
| CVE-2019-4264 | Med | 0.38 | 5.9 | 0.01 | May 29, 2019 | IBM QRadar SIEM 7.2.8 WinCollect could allow an attacker to obtain sensitive information by spoofing a trusted entity using man in the middle techniques due to not validating or incorrectly validating a certificate. IBM X-Force ID: 160072. | ||
| CVE-2017-1695 | Med | 0.38 | 5.9 | 0.01 | Feb 15, 2019 | IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134177. | ||
| CVE-2018-1650 | Med | 0.38 | 5.9 | 0.00 | Dec 5, 2018 | IBM QRadar SIEM 7.2 and 7.3 uses hard-coded credentials which could allow an attacker to bypass the authentication configured by the administrator. IBM X-Force ID: 144656. | ||
| CVE-2016-9972 | Med | 0.38 | 5.9 | 0.01 | Jun 27, 2017 | IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM… | ||
| CVE-2017-1721 | Med | 0.37 | 5.6 | 0.01 | Apr 26, 2018 | IBM Security QRadar SIEM 7.2 and 7.3 could allow an unauthenticated user to execute code remotely with lower level privileges under unusual circumstances. IBM X-Force ID: 134810. | ||
| CVE-2022-30613 | Med | 0.36 | 5.5 | 0.00 | Oct 7, 2022 | IBM QRadar SIEM 7.4 and 7.5 could disclose sensitive information via a local service to a privileged user. IBM X-Force ID: 227366. | ||
| CVE-2022-22424 | Med | 0.36 | 5.5 | 0.00 | Jul 20, 2022 | IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information from the TLS key file due to incorrect file permissions. IBM X-Force ID: 223597. | ||
| CVE-2020-4510 | Med | 0.36 | 5.5 | 0.02 | Jul 14, 2020 | IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 182365. | ||
| CVE-2023-40367 | Med | 0.35 | 5.4 | 0.00 | Oct 14, 2023 | IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 263376. | ||
| CVE-2023-30994 | Med | 0.35 | 5.4 | 0.00 | Oct 14, 2023 | IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138 | ||
| CVE-2021-39041 | Med | 0.35 | 5.3 | 0.01 | Jul 12, 2022 | IBM QRadar SIEM 7.3, 7.4, and 7.5 may be vulnerable to partial denial of service attack, resulting in some protocols not listening to specified ports. IBM X-Force ID: 214028. | ||
| CVE-2021-38939 | Med | 0.35 | 5.3 | 0.01 | Apr 27, 2022 | IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive information in log files that could be read by an user with access to creating domains. IBM X-Force ID: 211037. | ||
| CVE-2021-20429 | Med | 0.35 | 5.3 | 0.01 | May 14, 2021 | IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose sensitive information due an overly permissive cross-domain policy. IBM X-Force ID: 196334. | ||
| CVE-2020-4929 | Med | 0.35 | 5.4 | 0.01 | May 5, 2021 | IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:… | ||
| CVE-2020-4364 | Med | 0.35 | 5.4 | 0.01 | Jul 14, 2020 | IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:… | ||
| CVE-2020-4274 | Med | 0.35 | 5.4 | 0.01 | Apr 15, 2020 | IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to access data and perform unauthorized actions due to inadequate permission checks. IBM X-ForceID: 175980. | ||
| CVE-2020-4268 | Med | 0.35 | 5.4 | 0.01 | Apr 15, 2020 | IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM… | ||
| CVE-2019-4559 | Med | 0.35 | 5.3 | 0.01 | Jan 10, 2020 | IBM QRadar SIEM 7.3.0 through 7.3.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 166355. |
- risk 0.38cvss 5.9epss 0.01
IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitive information due to the server performing key exchange without entity authentication on inter-host communications using man in the middle techniques. IBM X-Force ID: 203033.
- risk 0.38cvss 5.9epss 0.01
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle…
- risk 0.38cvss 5.9epss 0.01
IBM QRadar SIEM 7.2.8 WinCollect could allow an attacker to obtain sensitive information by spoofing a trusted entity using man in the middle techniques due to not validating or incorrectly validating a certificate. IBM X-Force ID: 160072.
- risk 0.38cvss 5.9epss 0.01
IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134177.
- risk 0.38cvss 5.9epss 0.00
IBM QRadar SIEM 7.2 and 7.3 uses hard-coded credentials which could allow an attacker to bypass the authentication configured by the administrator. IBM X-Force ID: 144656.
- risk 0.38cvss 5.9epss 0.01
IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM…
- risk 0.37cvss 5.6epss 0.01
IBM Security QRadar SIEM 7.2 and 7.3 could allow an unauthenticated user to execute code remotely with lower level privileges under unusual circumstances. IBM X-Force ID: 134810.
- risk 0.36cvss 5.5epss 0.00
IBM QRadar SIEM 7.4 and 7.5 could disclose sensitive information via a local service to a privileged user. IBM X-Force ID: 227366.
- risk 0.36cvss 5.5epss 0.00
IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information from the TLS key file due to incorrect file permissions. IBM X-Force ID: 223597.
- risk 0.36cvss 5.5epss 0.02
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 182365.
- risk 0.35cvss 5.4epss 0.00
IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 263376.
- risk 0.35cvss 5.4epss 0.00
IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138
- risk 0.35cvss 5.3epss 0.01
IBM QRadar SIEM 7.3, 7.4, and 7.5 may be vulnerable to partial denial of service attack, resulting in some protocols not listening to specified ports. IBM X-Force ID: 214028.
- risk 0.35cvss 5.3epss 0.01
IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive information in log files that could be read by an user with access to creating domains. IBM X-Force ID: 211037.
- risk 0.35cvss 5.3epss 0.01
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose sensitive information due an overly permissive cross-domain policy. IBM X-Force ID: 196334.
- risk 0.35cvss 5.4epss 0.01
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…
- risk 0.35cvss 5.4epss 0.01
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…
- risk 0.35cvss 5.4epss 0.01
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to access data and perform unauthorized actions due to inadequate permission checks. IBM X-ForceID: 175980.
- risk 0.35cvss 5.4epss 0.01
IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…
- risk 0.35cvss 5.3epss 0.01
IBM QRadar SIEM 7.3.0 through 7.3.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 166355.
Page 5 of 10