CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2015-2016
https://notcve.org/view.php?id=CVE-2015-2016
Unspecified vulnerability in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges via unknown vectors. Vulnerabilidad no especificada en IBM QRadar SIEM 7.1 MR2 en versiones anteriores a Patch 11 IF02 y 7.2.x en versiones anteriores a 7.2.5 Patch 4 permite a usuarios remotos autenticados ejecutar comandos arbitrarios con privilegios de root a través de vectores desconocidos. • http://www-01.ibm.com/support/docview.wss?uid=swg21965813 •
CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2015-2011
https://notcve.org/view.php?id=CVE-2015-2011
The xmlrpc.cgi Webmin script in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors. La secuencia de comandos xmlrpc.cgi Webmin en IBM QRadar SIEM 7.1 MR2 en versiones anteriores a Patch 11 IF02 y 7.2.x en versiones anteriores a 7.2.5 Patch 4 permite a usuarios remotos autenticados ejecutar comandos arbitrarios con privilegios de root a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21965817 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.0EPSS: 0%CPEs: 17EXPL: 0CVE-2014-6075
https://notcve.org/view.php?id=CVE-2014-6075
IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, place credentials in URLs, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. IBM Security QRadar SIEM and QRadar Risk Manager 7.1 anterior a MR2 Patch 9 y 7.2 anterior a 7.2.4 Patch 1, y QRadar Vulnerability Manager 7.2 anterior a 7.2.4 Patch 1, ponen credenciales en URLs, lo que permite a atacantes remotos obtener información sensible mediante la lectura de (1) los registros del acceso al servidor web, (2) los registros del referer del servidor web, o (3) el historial de navegación. • http://www-01.ibm.com/support/docview.wss?uid=swg21691211 https://exchange.xforce.ibmcloud.com/vulnerabilities/95727 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 17EXPL: 0CVE-2014-4829
https://notcve.org/view.php?id=CVE-2014-4829
Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. Vulnerabilidad de CSRF en IBM Security QRadar SIEM and QRadar Risk Manager 7.1 anterior a MR2 Patch 9 y 7.2 anterior a 7.2.4 Patch 1, y QRadar Vulnerability Manager 7.2 anterior a 7.2.4 Patch 1, permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios para solicitudes que insertan secuencias de XSS. • http://www-01.ibm.com/support/docview.wss?uid=swg21691211 https://exchange.xforce.ibmcloud.com/vulnerabilities/95579 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 17EXPL: 0CVE-2014-4832
https://notcve.org/view.php?id=CVE-2014-4832
IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session. IBM Security QRadar SIEM and QRadar Risk Manager 7.1 anterior a MR2 Patch 9 y 7.2 anterior a 7.2.4 Patch 1, y QRadar Vulnerability Manager 7.2 anterior a 7.2.4 Patch 1, permiten a atacantes remotos obtener información sensible sobre cookies mediante la captura de trafico de la red durante una sesión HTTP. • http://www-01.ibm.com/support/docview.wss?uid=swg21691211 https://exchange.xforce.ibmcloud.com/vulnerabilities/95582 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •