VYPR

QRadar SIEM

by IBM

CVEs (197)

  • CVE-2020-4993 | Med | May 5, 2021
    risk 0.32 | cvss 4.9 | epss 0.01

    IBM QRadar SIEM 7.3 and 7.4 when decompressing or verifying signature of zip files processes data in a way that may be vulnerable to path traversal attacks. IBM X-Force ID: 192905.

  • CVE-2022-22320 | Med | May 11, 2022
    risk 0.31 | cvss 4.8 | epss 0.00

    IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2022-22345 | Med | Apr 27, 2022
    risk 0.31 | cvss 4.8 | epss 0.02

    IBM QRadar 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:…

  • CVE-2019-4654 | Med | Apr 15, 2020
    risk 0.31 | cvss 4.8 | epss 0.00

    IBM QRadar 7.3.0 to 7.3.3 Patch 2 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID: 170965.

  • CVE-2016-9722 | Med | Jan 10, 2018
    risk 0.31 | cvss 4.2 | epss 0.12

    IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 119737.

  • CVE-2023-43057 | Med | Nov 11, 2023
    risk 0.30 | cvss 4.6 | epss 0.00

    IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 267484.

  • CVE-2023-26274 | Med | Jun 27, 2023
    risk 0.30 | cvss 4.6 | epss 0.00

    IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248144.…

  • CVE-2015-2008 | Med | Feb 15, 2016
    risk 0.29 | cvss 4.4 | epss 0.01

    IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x before 7.2.6 includes SSH private keys during backup operations, which allows remote authenticated administrators to obtain sensitive information by reading a backup archive.

  • CVE-2023-26273 | Med | Jun 27, 2023
    risk 0.28 | cvss 4.3 | epss 0.00

    IBM QRadar SIEM 7.5.0 could allow an authenticated user to perform unauthorized actions due to hazardous input validation. IBM X-Force ID: 248134.

  • CVE-2021-38874 | Med | Apr 27, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    IBM QRadar SIEM 7.3, 7.4, and 7.5 allows for users to access information across tenant and domain boundaries in some situations. IBM X-Force ID: 208397.

  • CVE-2021-29776 | Med | Apr 27, 2022
    risk 0.28 | cvss 4.3 | epss 0.01

    IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information from another user's dashboard providing the dashboard ID of that user. IBM X-Force ID: 203030.

  • CVE-2021-29863 | Med | Dec 1, 2021
    risk 0.28 | cvss 4.3 | epss 0.00

    IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. This vulnerability is due to an…

  • CVE-2020-5032 | Med | Feb 4, 2021
    risk 0.28 | cvss 4.3 | epss 0.01

    IBM QRadar SIEM 7.3 and 7.4 in some configurations may be vulnerable to a temporary denial of service attack when sent particular payloads. IBM X-Force ID: 194178.

  • CVE-2020-4786 | Med | Jan 27, 2021
    risk 0.28 | cvss 4.3 | epss 0.01

    IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration…

  • CVE-2019-4593 | Med | Apr 15, 2020
    risk 0.28 | cvss 4.3 | epss 0.01

    IBM QRadar 7.3.0 to 7.3.3 Patch 2 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM X-Force ID: 167743.

  • CVE-2019-4509 | Med | Nov 9, 2019
    risk 0.28 | cvss 4.3 | epss 0.01

    IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to incorrect authorization in some components which could allow an authenticated user to obtain sensitive information. IBM X-Force ID: 164430.

  • CVE-2017-1624 | Med | Apr 4, 2018
    risk 0.27 | cvss 4.2 | epss 0.01

    IBM QRadar 7.3 and 7.3.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 133122.

  • CVE-2018-1568 | Med | Dec 5, 2018
    risk 0.26 | cvss 4.0 | epss 0.00

    IBM QRadar SIEM 7.2 and 7.3 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 143118.

  • CVE-2017-1733 | Med | Apr 4, 2018
    risk 0.26 | cvss 4.0 | epss 0.00

    IBM QRadar 7.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 134914.

  • CVE-2023-50950 | Low | Jan 17, 2024
    risk 0.24 | cvss 3.7 | epss 0.00

    IBM QRadar SIEM 7.5 could disclose sensitive email information in responses from offense rules. IBM X-Force ID: 275709.
