VYPR

QRadar SIEM

by IBM

CVEs (197)

  • CVE-2021-29779 | Med | Dec 1, 2021
    risk 0.38 | cvss 5.9 | epss 0.01

    IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitive information due to the server performing key exchange without entity authentication on inter-host communications using man in the middle techniques. IBM X-Force ID: 203033.

  • CVE-2019-4594 | Med | Apr 15, 2020
    risk 0.38 | cvss 5.9 | epss 0.01

    IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle…

  • CVE-2019-4264 | Med | May 29, 2019
    risk 0.38 | cvss 5.9 | epss 0.01

    IBM QRadar SIEM 7.2.8 WinCollect could allow an attacker to obtain sensitive information by spoofing a trusted entity using man in the middle techniques due to not validating or incorrectly validating a certificate. IBM X-Force ID: 160072.

  • CVE-2017-1695 | Med | Feb 15, 2019
    risk 0.38 | cvss 5.9 | epss 0.01

    IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134177.

  • CVE-2018-1650 | Med | Dec 5, 2018
    risk 0.38 | cvss 5.9 | epss 0.00

    IBM QRadar SIEM 7.2 and 7.3 uses hard-coded credentials which could allow an attacker to bypass the authentication configured by the administrator. IBM X-Force ID: 144656.

  • CVE-2016-9972 | Med | Jun 27, 2017
    risk 0.38 | cvss 5.9 | epss 0.01

    IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM…

  • CVE-2017-1721 | Med | Apr 26, 2018
    risk 0.37 | cvss 5.6 | epss 0.01

    IBM Security QRadar SIEM 7.2 and 7.3 could allow an unauthenticated user to execute code remotely with lower level privileges under unusual circumstances. IBM X-Force ID: 134810.

  • CVE-2022-30613 | Med | Oct 7, 2022
    risk 0.36 | cvss 5.5 | epss 0.00

    IBM QRadar SIEM 7.4 and 7.5 could disclose sensitive information via a local service to a privileged user. IBM X-Force ID: 227366.

  • CVE-2022-22424 | Med | Jul 20, 2022
    risk 0.36 | cvss 5.5 | epss 0.00

    IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information from the TLS key file due to incorrect file permissions. IBM X-Force ID: 223597.

  • CVE-2020-4510 | Med | Jul 14, 2020
    risk 0.36 | cvss 5.5 | epss 0.02

    IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 182365.

  • CVE-2023-40367 | Med | Oct 14, 2023
    risk 0.35 | cvss 5.4 | epss 0.00

    IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 263376.

  • CVE-2023-30994 | Med | Oct 14, 2023
    risk 0.35 | cvss 5.4 | epss 0.00

    IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138.

  • CVE-2021-39041 | Med | Jul 12, 2022
    risk 0.35 | cvss 5.3 | epss 0.01

    IBM QRadar SIEM 7.3, 7.4, and 7.5 may be vulnerable to partial denial of service attack, resulting in some protocols not listening to specified ports. IBM X-Force ID: 214028.

  • CVE-2021-38939 | Med | Apr 27, 2022
    risk 0.35 | cvss 5.3 | epss 0.01

    IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive information in log files that could be read by a user with access to creating domains. IBM X-Force ID: 211037.

  • CVE-2021-20429 | Med | May 14, 2021
    risk 0.35 | cvss 5.3 | epss 0.01

    IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose sensitive information due to an overly permissive cross-domain policy. IBM X-Force ID: 196334.

  • CVE-2020-4929 | Med | May 5, 2021
    risk 0.35 | cvss 5.4 | epss 0.01

    IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2020-4364 | Med | Jul 14, 2020
    risk 0.35 | cvss 5.4 | epss 0.01

    IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2020-4274 | Med | Apr 15, 2020
    risk 0.35 | cvss 5.4 | epss 0.01

    IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to access data and perform unauthorized actions due to inadequate permission checks. IBM X-Force ID: 175980.

  • CVE-2020-4268 | Med | Apr 15, 2020
    risk 0.35 | cvss 5.4 | epss 0.01

    IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM…

  • CVE-2019-4559 | Med | Jan 10, 2020
    risk 0.35 | cvss 5.3 | epss 0.01

    IBM QRadar SIEM 7.3.0 through 7.3.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 166355.
