Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Qradar_security_information_and_event_manager
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 175 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-08-01 | CVE-2025-33118 | IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 12 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | Qradar_security_information_and_event_manager | 5.4 | ||
| 2024-05-14 | CVE-2024-27269 | IBM QRadar SIEM 7.5 could allow a privileged user to configure user management that would disclose unintended sensitive information across tenants. IBM X-Force ID: 284575. | Qradar_security_information_and_event_manager | N/A | ||
| 2024-12-07 | CVE-2024-47107 | IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | Qradar_security_information_and_event_manager | 5.4 | ||
| 2025-01-28 | CVE-2024-28786 | IBM QRadar SIEM 7.5 transmits sensitive or security-critical data in cleartext in a communication channel that could be obtained by an unauthorized actor using man in the middle techniques. | Qradar_security_information_and_event_manager | 6.5 | ||
| 2025-06-19 | CVE-2025-33117 | IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 could allow a privileged user to modify configuration files that would allow the upload of a malicious autoupdate file to execute arbitrary commands. | Qradar_security_information_and_event_manager | 9.1 | ||
| 2025-06-19 | CVE-2025-33121 | IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | Qradar_security_information_and_event_manager | 7.1 | ||
| 2025-06-19 | CVE-2025-36050 | IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 stores potentially sensitive information in log files that could be read by a local user. | Qradar_security_information_and_event_manager | 6.2 | ||
| 2014-09-24 | CVE-2014-6271 | GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka... | Mac_os_x, Eos, Ubuntu_linux, Security_gateway, Netscaler_sdx_firmware, Debian_linux, Arx_firmware, Big\-Ip_access_policy_manager, Big\-Ip_advanced_firewall_manager, Big\-Ip_analytics, Big\-Ip_application_acceleration_manager, Big\-Ip_application_security_manager, Big\-Ip_edge_gateway, Big\-Ip_global_traffic_manager, Big\-Ip_link_controller, Big\-Ip_local_traffic_manager, Big\-Ip_policy_enforcement_manager, Big\-Ip_protocol_security_module, Big\-Ip_wan_optimization_manager, Big\-Ip_webaccelerator, Big\-Iq_cloud, Big\-Iq_device, Big\-Iq_security, Enterprise_manager, Traffix_signaling_delivery_controller, Bash, Flex_system_v7000_firmware, Infosphere_guardium_database_activity_monitoring, Pureapplication_system, Qradar_risk_manager, Qradar_security_information_and_event_manager, Qradar_vulnerability_manager, San_volume_controller_firmware, Security_access_manager_for_mobile_8\.0_firmware, Security_access_manager_for_web_7\.0_firmware, Security_access_manager_for_web_8\.0_firmware, Smartcloud_entry_appliance, Smartcloud_provisioning, Software_defined_network_for_virtual_environments, Starter_kit_for_cloud, Stn6500_firmware, Stn6800_firmware, Stn7800_firmware, Storwize_v3500_firmware, Storwize_v3700_firmware, Storwize_v5000_firmware, Storwize_v7000_firmware, Workload_deployer, Mageia, Open_enterprise_server, Zenworks_configuration_management, Opensuse, Linux, Qts, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_power_big_endian, Enterprise_linux_for_power_big_endian_eus, Enterprise_linux_for_scientific_computing, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_from_rhui, Enterprise_linux_server_tus, Enterprise_linux_workstation, Gluster_storage_server_for_on\-Premise, Virtualization, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Studio_onsite, Esx, Vcenter_server_appliance | 9.8 | ||
| 2024-04-11 | CVE-2023-50949 | IBM QRadar SIEM 7.5 could allow an unauthorized user to perform unauthorized actions due to improper certificate validation. IBM X-Force ID: 275706. | Qradar_security_information_and_event_manager | 8.1 | ||
| 2024-03-27 | CVE-2023-50961 | IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275939. | Qradar_security_information_and_event_manager | 5.4 |