Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Qradar_security_information_and_event_manager
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 165 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-07-17 | CVE-2019-4054 | IBM QRadar SIEM 7.2 and 7.3 could allow a local user to obtain sensitive information when exporting content that could aid an attacker in further attacks against the system. IBM X-Force ID: 156563. | Qradar_security_information_and_event_manager | 3.3 | ||
| 2019-07-17 | CVE-2019-4211 | IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159131. | Qradar_security_information_and_event_manager | 5.4 | ||
| 2019-07-25 | CVE-2019-4212 | IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 159132. | Qradar_security_information_and_event_manager | 8.8 | ||
| 2022-07-20 | CVE-2022-22424 | IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information from the TLS key file due to incorrect file permissions. IBM X-Force ID: 223597. | Qradar_security_information_and_event_manager | 5.5 | ||
| 2022-07-20 | CVE-2021-29755 | IBM QRadar SIEM 7.3, 7.4, and 7.5 does not preform proper certificate validation for some inter-host communications. IBM X-Force ID: 202015. | Qradar_security_information_and_event_manager | 7.5 | ||
| 2022-07-12 | CVE-2021-39041 | IBM QRadar SIEM 7.3, 7.4, and 7.5 may be vulnerable to partial denial of service attack, resulting in some protocols not listening to specified ports. IBM X-Force ID: 214028. | Qradar_security_information_and_event_manager | 5.3 | ||
| 2021-07-16 | CVE-2020-4980 | IBM QRadar SIEM 7.3 and 7.4 uses less secure methods for protecting data in transit between hosts when encrypt host connections is not enabled as well as data at rest. IBM X-Force ID: 192539. | Qradar_security_information_and_event_manager | 6.5 | ||
| 2021-07-26 | CVE-2021-20337 | IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 194448. | Qradar_security_information_and_event_manager | 7.5 | ||
| 2021-08-13 | CVE-2021-29880 | IBM QRadar SIEM 7.4.3 GA - 7.4.3 Fix Pack 1 when using domains or multi-tenancy could be vulnerable to information disclosure between tenants by routing SIEM data to the incorrect domain. IBM X-Force ID: 206979. | Qradar_security_information_and_event_manager | 6.5 | ||
| 2022-04-27 | CVE-2021-29776 | IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information from another user's dashboard providing the dashboard ID of that user. IBM X-Force ID: 203030. | Qradar_security_information_and_event_manager | 4.3 |