VYPR

QRadar SIEM

by IBM

CVEs (197)

  • CVE-2025-33118Aug 1, 2025
    risk 0.00cvss epss 0.00

    IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 12 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure…

  • CVE-2025-33097Jul 15, 2025
    risk 0.00cvss epss 0.00

    IBM QRadar SIEM 7.5 - 7.5.0 UP12 IF02 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a…

  • CVE-2025-33117Jun 19, 2025
    risk 0.00cvss epss 0.00

    IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 could allow a privileged user to modify configuration files that would allow the upload of a malicious autoupdate file to execute arbitrary commands.

  • CVE-2025-33121Jun 19, 2025
    risk 0.00cvss epss 0.00

    IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

  • CVE-2025-36050Jun 19, 2025
    risk 0.00cvss epss 0.00

    IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 stores potentially sensitive information in log files that could be read by a local user.

  • CVE-2024-45638Mar 14, 2025
    risk 0.00cvss epss 0.00

    IBM Security QRadar 3.12 EDR stores user credentials in plain text which can be read by a local privileged user.

  • CVE-2024-45643Mar 14, 2025
    risk 0.00cvss epss 0.00

    IBM Security QRadar 3.12 EDR uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive credential information.

  • CVE-2024-56463Feb 14, 2025
    risk 0.00cvss epss 0.00

    IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2024-28786Jan 27, 2025
    risk 0.00cvss epss 0.00

    IBM QRadar SIEM 7.5 transmits sensitive or security-critical data in cleartext in a communication channel that could be obtained by an unauthorized actor using man in the middle techniques.

  • CVE-2024-47107Dec 7, 2024
    risk 0.00cvss epss 0.00

    IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

  • CVE-2024-27269May 10, 2024
    risk 0.00cvss epss 0.00

    IBM QRadar SIEM 7.5 could allow a privileged user to configure user management that would disclose unintended sensitive information across tenants. IBM X-Force ID: 284575.

  • CVE-2023-50949Apr 11, 2024
    risk 0.00cvss epss 0.00

    IBM QRadar SIEM 7.5 could allow an unauthorized user to perform unauthorized actions due to improper certificate validation. IBM X-Force ID: 275706.

  • CVE-2023-50961Mar 27, 2024
    risk 0.00cvss epss 0.00

    IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: …

  • CVE-2024-28784Mar 27, 2024
    risk 0.00cvss epss 0.00

    IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285893.

  • CVE-2015-4930Oct 4, 2015
    risk 0.00cvss epss 0.02

    IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges by leveraging admin access.

  • CVE-2015-2016Oct 4, 2015
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges via unknown vectors.

  • CVE-2015-2011Oct 4, 2015
    risk 0.00cvss epss 0.02

    The xmlrpc.cgi Webmin script in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors.

  • CVE-2014-6075Nov 28, 2014
    risk 0.00cvss epss 0.01

    IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, place credentials in URLs, which allows remote attackers to obtain sensitive information by reading (1) web-server…

  • CVE-2014-4832Nov 28, 2014
    risk 0.00cvss epss 0.01

    IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session.

  • CVE-2014-4831Nov 28, 2014
    risk 0.00cvss epss 0.01

    IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to hijack sessions via unspecified vectors.

Page 9 of 10