CVSS: 5.0EPSS: 0%CPEs: 17EXPL: 0CVE-2014-6075
https://notcve.org/view.php?id=CVE-2014-6075
IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, place credentials in URLs, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. IBM Security QRadar SIEM and QRadar Risk Manager 7.1 anterior a MR2 Patch 9 y 7.2 anterior a 7.2.4 Patch 1, y QRadar Vulnerability Manager 7.2 anterior a 7.2.4 Patch 1, ponen credenciales en URLs, lo que permite a atacantes remotos obtener información sensible mediante la lectura de (1) los registros del acceso al servidor web, (2) los registros del referer del servidor web, o (3) el historial de navegación. • http://www-01.ibm.com/support/docview.wss?uid=swg21691211 https://exchange.xforce.ibmcloud.com/vulnerabilities/95727 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 17EXPL: 0CVE-2014-4829
https://notcve.org/view.php?id=CVE-2014-4829
Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. Vulnerabilidad de CSRF en IBM Security QRadar SIEM and QRadar Risk Manager 7.1 anterior a MR2 Patch 9 y 7.2 anterior a 7.2.4 Patch 1, y QRadar Vulnerability Manager 7.2 anterior a 7.2.4 Patch 1, permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios para solicitudes que insertan secuencias de XSS. • http://www-01.ibm.com/support/docview.wss?uid=swg21691211 https://exchange.xforce.ibmcloud.com/vulnerabilities/95579 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 17EXPL: 0CVE-2014-4832
https://notcve.org/view.php?id=CVE-2014-4832
IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session. IBM Security QRadar SIEM and QRadar Risk Manager 7.1 anterior a MR2 Patch 9 y 7.2 anterior a 7.2.4 Patch 1, y QRadar Vulnerability Manager 7.2 anterior a 7.2.4 Patch 1, permiten a atacantes remotos obtener información sensible sobre cookies mediante la captura de trafico de la red durante una sesión HTTP. • http://www-01.ibm.com/support/docview.wss?uid=swg21691211 https://exchange.xforce.ibmcloud.com/vulnerabilities/95582 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2014-4825
https://notcve.org/view.php?id=CVE-2014-4825
IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not properly implement secure connections, which allows man-in-the-middle attackers to discover cleartext credentials via unspecified vectors. IBM Security QRadar SIEM QRM 7.1 MR1 y QRM/QVM 7.2 MR2 no implementa debidamente conexiones seguras, lo que permite a atacantes man-in-the-middle descubrir credenciales en texto claro a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21686478 https://exchange.xforce.ibmcloud.com/vulnerabilities/95575 • CWE-310: Cryptographic Issues •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-4833
https://notcve.org/view.php?id=CVE-2014-4833
IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote authenticated users to gain privileges via invalid input. IBM Security QRadar SIEM QRM 7.1 MR1 y QRM/QVM 7.2 MR2 permite a usuarios remotos autenticados ganar privilegios a través de entradas inválidas. • http://www-01.ibm.com/support/docview.wss?uid=swg21686478 https://exchange.xforce.ibmcloud.com/vulnerabilities/95583 • CWE-20: Improper Input Validation •