VYPR

QRadar SIEM

by IBM

CVEs (197)

  • CVE-2017-1622 | Low | Dec 5, 2018
    risk 0.24 | cvss 3.7 | epss 0.01

    IBM QRadar SIEM 7.2.8 and 7.3 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID: 133120.

  • CVE-2021-20396 | Low | Jun 11, 2021
    risk 0.21 | cvss 3.3 | epss 0.00

    IBM QRadar Analyst Workflow App 1.0 through 1.18.0 for IBM QRadar SIEM allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 196009.

  • CVE-2021-20391 | Low | May 14, 2021
    risk 0.21 | cvss 3.3 | epss 0.00

    IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 195999.

  • CVE-2019-4054 | Low | Jul 17, 2019
    risk 0.21 | cvss 3.3 | epss 0.00

    IBM QRadar SIEM 7.2 and 7.3 could allow a local user to obtain sensitive information when exporting content that could aid an attacker in further attacks against the system. IBM X-Force ID: 156563.

  • CVE-2016-2877 | Low | Nov 30, 2016
    risk 0.21 | cvss 3.3 | epss 0.00

    IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses weak permissions for unspecified directories under the web root, which allows local users to modify data by writing to a file.

  • CVE-2016-2874 | Low | Nov 30, 2016
    risk 0.20 | cvss 3.1 | epss 0.01

    IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 mishandles authorization, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

  • CVE-2016-2868 | Low | Jul 2, 2016
    risk 0.18 | cvss 2.7 | epss 0.01

    IBM Security QRadar SIEM 7.2.x before 7.2.7 allows remote authenticated administrators to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

  • CVE-2020-4787 | Low | Jan 27, 2021
    risk 0.15 | cvss 2.3 | epss 0.00

    IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration…

  • CVE-2018-1725 | Low | Nov 5, 2020
    risk 0.15 | cvss 2.3 | epss 0.00

    IBM QRadar SIEM 7.3 and 7.4 in a multi-tenant configuration could be vulnerable to information disclosure. IBM X-Force ID: 147440.

  • CVE-2025-36051 | Mar 19, 2026
    risk 0.00 | cvss | epss 0.00

    IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 stores potentially sensitive information in configuration files that could be read by a local user.

  • CVE-2025-13995 | Mar 19, 2026
    risk 0.00 | cvss | epss 0.00

    IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 could allow an attacker with access to one tenant to access hostname data from another tenant's account.

  • CVE-2025-15051 | Mar 19, 2026
    risk 0.00 | cvss | epss 0.00

    IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality.

  • CVE-2024-56464 | Dec 9, 2025
    risk 0.00 | cvss | epss 0.00

    IBM QRadar SIEM 7.5 - 7.5.0 UP14 IF01 is affected by an information disclosure vulnerability involving exposure of directory information. IBM has addressed this vulnerability in the latest update.

  • CVE-2025-33119 | Nov 12, 2025
    risk 0.00 | cvss | epss 0.00

    IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in configuration files in source control which can be read by an authenticated user.

  • CVE-2025-36138 | Oct 27, 2025
    risk 0.00 | cvss | epss 0.00

    IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to…

  • CVE-2025-36170 | Oct 27, 2025
    risk 0.00 | cvss | epss 0.00

    IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to…

  • CVE-2025-36007 | Oct 27, 2025
    risk 0.00 | cvss | epss 0.00

    IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to privilege escalation due to improper privilege assignment to an update script.

  • CVE-2025-0164 | Sep 14, 2025
    risk 0.00 | cvss | epss 0.00

    IBM QRadar SIEM 7.5 through 7.5 Update Pack 13 Independent Fix 01 could allow a local privileged user to perform unauthorized actions on configuration files due to improper permission assignment.

  • CVE-2025-36042 | Aug 22, 2025
    risk 0.00 | cvss | epss 0.00

    IBM QRadar SIEM 7.5 through 7.5.0 Dashboard is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a…

  • CVE-2025-33120 | Aug 22, 2025
    risk 0.00 | cvss | epss 0.00

    IBM QRadar SIEM 7.5 through 7.5.0 UP13 could allow an authenticated user to escalate their privileges via a misconfigured cronjob due to execution with unnecessary privileges.
