IBM » Qradar Security Information And Event Manager : Security Vulnerabilities, CVEs, CVSS score >= 7
IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138
Max CVSS
7.5
EPSS Score
0.07%
Published
2023-10-14
Updated
2023-10-18
IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 248147.
Max CVSS
7.5
EPSS Score
0.07%
Published
2023-06-27
Updated
2023-07-05
IBM QRadar SIEM 7.4 and 7.5copies certificate key files used for SSL/TLS in the QRadar web user interface to managed hosts in the deployment that do not require that key. IBM X-Force ID: 244356.
Max CVSS
8.4
EPSS Score
0.09%
Published
2023-01-17
Updated
2023-01-25
IBM QRadar SIEM 7.4 and 7.5 is vulnerable to privilege escalation, allowing a user with some admin capabilities to gain additional admin capabilities. IBM X-Force ID: 239425.
Max CVSS
7.2
EPSS Score
0.08%
Published
2023-03-22
Updated
2023-03-28
IBM QRadar SIEM 7.4 and 7.5 is vulnerable to information exposure allowing a non-tenant user with a specific domain security profile assigned to see some data from other domains. IBM X-Force ID: 230402.
Max CVSS
7.5
EPSS Score
0.11%
Published
2023-02-17
Updated
2023-03-01
IBM QRadar SIEM 7.4 and 7.5 data node rebalancing does not function correctly when using encrypted hosts which could result in information disclosure. IBM X-Force ID: 225889.
Max CVSS
7.5
EPSS Score
0.13%
Published
2022-10-07
Updated
2022-10-09
IBM QRadar SIEM 7.3, 7.4, and 7.5 is vulnerable to local privilege escalation if this could be combined with other unknown vulnerabilities then privilege escalation could be performed. IBM X-Force ID: 216111.
Max CVSS
7.8
EPSS Score
0.04%
Published
2022-07-28
Updated
2022-08-04
IBM QRadar SIEM 7.3, 7.4, and 7.5 in some senarios may reveal authorized service tokens to other QRadar users. IBM X-Force ID: 210021
Max CVSS
7.5
EPSS Score
0.11%
Published
2022-04-27
Updated
2022-07-12
IBM QRadar 7.3, 7.4, and 7.5 could allow a malicious actor to impersonate an actor due to key exchange without entity authentication. IBM X-Force ID: 208756.
Max CVSS
7.5
EPSS Score
0.06%
Published
2022-04-27
Updated
2022-05-04
IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after they exceede their idle timeout. IBM X-Force ID: 208341.
Max CVSS
9.8
EPSS Score
0.15%
Published
2022-04-27
Updated
2022-05-04
IBM QRadar SIEM 7.3, 7.4, and 7.5 does not preform proper certificate validation for some inter-host communications. IBM X-Force ID: 202015.
Max CVSS
7.5
EPSS Score
0.08%
Published
2022-07-20
Updated
2022-07-26
IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 201778.
Max CVSS
7.5
EPSS Score
0.11%
Published
2021-09-15
Updated
2021-09-28
IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 196075.
Max CVSS
7.8
EPSS Score
0.04%
Published
2021-05-05
Updated
2021-05-07
IBM QRadar SIEM 7.3 and 7.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 196074.
Max CVSS
7.5
EPSS Score
0.11%
Published
2021-12-01
Updated
2021-12-02
IBM Qradar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 196073.
Max CVSS
9.1
EPSS Score
0.16%
Published
2021-07-27
Updated
2021-08-04
IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 8 and 7.4.0 to 7.4.3 GA uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 194448.
Max CVSS
7.5
EPSS Score
0.11%
Published
2021-07-26
Updated
2022-07-12
IBM QRadar SIEM 7.3 and 7.4 may vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 193245.
Max CVSS
8.1
EPSS Score
0.12%
Published
2021-05-05
Updated
2021-05-07
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to insecure inter-deployment communication. An attacker that is able to comprimise or spoof traffic between hosts may be able to execute arbitrary commands. IBM X-Force D: 192538.
Max CVSS
9.8
EPSS Score
0.15%
Published
2021-05-05
Updated
2022-05-03
IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 191748.
Max CVSS
7.8
EPSS Score
0.04%
Published
2021-05-05
Updated
2021-05-07
IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 190912.
Max CVSS
9.0
EPSS Score
11.97%
Published
2021-01-28
Updated
2021-02-02
IBM QRadar SIEM 7.3 and 7.4 could allow a remote privileged user to execute commands.
Max CVSS
9.1
EPSS Score
0.18%
Published
2020-07-14
Updated
2020-07-14
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 182365.
Max CVSS
7.6
EPSS Score
0.12%
Published
2020-07-14
Updated
2020-07-14
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 182364.
Max CVSS
7.6
EPSS Score
0.10%
Published
2020-06-04
Updated
2020-06-05
IBM QRadar 7.2.0 thorugh 7.2.9 could allow an authenticated user to overwrite or delete arbitrary files due to a flaw after WinCollect installation. IBM X-Force ID: 181861.
Max CVSS
8.1
EPSS Score
0.08%
Published
2020-08-11
Updated
2020-08-11
IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 176140.
Max CVSS
9.0
EPSS Score
39.81%
Published
2020-10-08
Updated
2022-06-29