Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Qradar_security_information_and_event_manager
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 165 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-04-14 | CVE-2020-4151 | IBM QRadar SIEM 7.3.0 through 7.3.3 could allow an authenticated attacker to perform unauthorized actions due to improper input validation. IBM X-Force ID: 174201. | Qradar_security_information_and_event_manager | 6.5 | ||
| 2020-04-15 | CVE-2020-4271 | IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to send a specially crafted command which would be executed as a lower privileged user. IBM X-ForceID: 175897. | Qradar_security_information_and_event_manager | 6.3 | ||
| 2020-04-15 | CVE-2020-4268 | IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-ForceID: 175841. | Qradar_security_information_and_event_manager | 5.4 | ||
| 2020-04-15 | CVE-2020-4269 | IBM QRadar 7.3.0 to 7.3.3 Patch 2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-ForceID: 175845. | Qradar_security_information_and_event_manager | 7.5 | ||
| 2020-04-15 | CVE-2020-4270 | IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a local user to gain escalated privileges due to weak file permissions. IBM X-ForceID: 175846. | Qradar_security_information_and_event_manager | 7.8 | ||
| 2020-04-15 | CVE-2020-4272 | IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted request specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-ForceID: 175898. | Qradar_security_information_and_event_manager | 8.8 | ||
| 2020-04-15 | CVE-2020-4274 | IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to access data and perform unauthorized actions due to inadequate permission checks. IBM X-ForceID: 175980. | Qradar_security_information_and_event_manager | 5.4 | ||
| 2020-04-15 | CVE-2020-4294 | IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-ForceID: 176404. | Qradar_security_information_and_event_manager | 6.3 | ||
| 2020-06-04 | CVE-2020-4509 | IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 182364. | Qradar_security_information_and_event_manager | 7.6 | ||
| 2020-07-14 | CVE-2020-4364 | IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178961. | Qradar_security_information_and_event_manager | 5.4 |