IBM » Qradar Security Information And Event Manager : Security Vulnerabilities, CVEs, CVSS score >= 4
IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285893.
Max CVSS
5.4
EPSS Score
0.04%
Published
2024-03-27
Updated
2024-03-27
IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275939.
Max CVSS
4.8
EPSS Score
0.04%
Published
2024-03-27
Updated
2024-03-27
IBM QRadar SIEM 7.5 could disclose sensitive email information in responses from offense rules. IBM X-Force ID: 275709.
Max CVSS
5.3
EPSS Score
0.04%
Published
2024-01-17
Updated
2024-01-24
IBM Qradar SIEM 7.5 could allow a privileged user to obtain sensitive domain information due to data being misidentified. IBM X-Force ID: 270372.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-12-19
Updated
2023-12-27
IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 267484.
Max CVSS
5.4
EPSS Score
0.04%
Published
2023-11-11
Updated
2023-11-16
IBM QRadar SIEM 7.5 is vulnerable to information exposure allowing a delegated Admin tenant user with a specific domain security profile assigned to see data from other domains. This vulnerability is due to an incomplete fix for CVE-2022-34352. IBM X-Force ID: 266808.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-10-29
Updated
2023-11-07
IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 263376.
Max CVSS
5.4
EPSS Score
0.04%
Published
2023-10-14
Updated
2023-10-18
IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138
Max CVSS
7.5
EPSS Score
0.07%
Published
2023-10-14
Updated
2023-10-18
IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 248147.
Max CVSS
7.5
EPSS Score
0.07%
Published
2023-06-27
Updated
2023-07-05
IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 248144.
Max CVSS
5.4
EPSS Score
0.04%
Published
2023-06-27
Updated
2023-07-05
IBM QRadar SIEM 7.5.0 could allow an authenticated user to perform unauthorized actions due to hazardous input validation. IBM X-Force ID: 248134.
Max CVSS
4.3
EPSS Score
0.04%
Published
2023-06-27
Updated
2023-07-03
IBM QRadar SIEM 7.4 and 7.5copies certificate key files used for SSL/TLS in the QRadar web user interface to managed hosts in the deployment that do not require that key. IBM X-Force ID: 244356.
Max CVSS
8.4
EPSS Score
0.09%
Published
2023-01-17
Updated
2023-01-25
IBM QRadar SIEM 7.4 and 7.5 is vulnerable to privilege escalation, allowing a user with some admin capabilities to gain additional admin capabilities. IBM X-Force ID: 239425.
Max CVSS
7.2
EPSS Score
0.08%
Published
2023-03-22
Updated
2023-03-28
IBM QRadar SIEM 7.5.0 is vulnerable to information exposure allowing a delegated Admin tenant user with a specific domain security profile assigned to see data from other domains. IBM X-Force ID: 230403.
Max CVSS
6.5
EPSS Score
0.05%
Published
2023-06-27
Updated
2023-07-05
IBM QRadar SIEM 7.4 and 7.5 is vulnerable to information exposure allowing a non-tenant user with a specific domain security profile assigned to see some data from other domains. IBM X-Force ID: 230402.
Max CVSS
7.5
EPSS Score
0.11%
Published
2023-02-17
Updated
2023-03-01
IBM QRadar SIEM 7.4 and 7.5 could disclose sensitive information via a local service to a privileged user. IBM X-Force ID: 227366.
Max CVSS
5.5
EPSS Score
0.04%
Published
2022-10-07
Updated
2022-10-08
IBM QRadar SIEM 7.4 and 7.5 data node rebalancing does not function correctly when using encrypted hosts which could result in information disclosure. IBM X-Force ID: 225889.
Max CVSS
7.5
EPSS Score
0.13%
Published
2022-10-07
Updated
2022-10-09
IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information from the TLS key file due to incorrect file permissions. IBM X-Force ID: 223597.
Max CVSS
5.5
EPSS Score
0.04%
Published
2022-07-20
Updated
2022-07-26
IBM QRadar 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 220041.
Max CVSS
4.8
EPSS Score
0.05%
Published
2022-04-27
Updated
2022-05-04
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 218367.
Max CVSS
4.8
EPSS Score
0.05%
Published
2022-05-11
Updated
2022-05-19
IBM QRadar SIEM 7.3, 7.4, and 7.5 is vulnerable to local privilege escalation if this could be combined with other unknown vulnerabilities then privilege escalation could be performed. IBM X-Force ID: 216111.
Max CVSS
7.8
EPSS Score
0.04%
Published
2022-07-28
Updated
2022-08-04
IBM QRadar SIEM 7.3, 7.4, and 7.5 may be vulnerable to partial denial of service attack, resulting in some protocols not listening to specified ports. IBM X-Force ID: 214028.
Max CVSS
5.3
EPSS Score
0.08%
Published
2022-07-12
Updated
2022-07-16
IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive information in log files that could be read by an user with access to creating domains. IBM X-Force ID: 211037.
Max CVSS
5.3
EPSS Score
0.06%
Published
2022-04-27
Updated
2022-05-04
IBM QRadar SIEM 7.3, 7.4, and 7.5 could disclose highly sensitive information to a privileged user. IBM X-Force ID: 210893.
Max CVSS
4.9
EPSS Score
0.06%
Published
2022-07-20
Updated
2022-07-26
IBM QRadar SIEM 7.3, 7.4, and 7.5 in some senarios may reveal authorized service tokens to other QRadar users. IBM X-Force ID: 210021
Max CVSS
7.5
EPSS Score
0.11%
Published
2022-04-27
Updated
2022-07-12