CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2014-4825
https://notcve.org/view.php?id=CVE-2014-4825
IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not properly implement secure connections, which allows man-in-the-middle attackers to discover cleartext credentials via unspecified vectors. IBM Security QRadar SIEM QRM 7.1 MR1 y QRM/QVM 7.2 MR2 no implementa debidamente conexiones seguras, lo que permite a atacantes man-in-the-middle descubrir credenciales en texto claro a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21686478 https://exchange.xforce.ibmcloud.com/vulnerabilities/95575 • CWE-310: Cryptographic Issues •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-4833
https://notcve.org/view.php?id=CVE-2014-4833
IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote authenticated users to gain privileges via invalid input. IBM Security QRadar SIEM QRM 7.1 MR1 y QRM/QVM 7.2 MR2 permite a usuarios remotos autenticados ganar privilegios a través de entradas inválidas. • http://www-01.ibm.com/support/docview.wss?uid=swg21686478 https://exchange.xforce.ibmcloud.com/vulnerabilities/95583 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2014-4830
https://notcve.org/view.php?id=CVE-2014-4830
IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. IBM Security QRadar SIEM QRM 7.1 MR1 y QRM/QVM 7.2 MR2 no incluye el indicador HTTPOnly en una cabecera Set-Cookie para la cookie de la sesión, lo que facilita a atacantes remotos obtener información potencialmente sensible a través de acceso de secuencias de comandos a esta cookie. • http://www-01.ibm.com/support/docview.wss?uid=swg21686478 http://www.securityfocus.com/bid/71077 https://exchange.xforce.ibmcloud.com/vulnerabilities/95580 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2014-4828
https://notcve.org/view.php?id=CVE-2014-4828
IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to conduct clickjacking attacks via a crafted HTTP request. IBM Security QRadar SIEM QRM 7.1 MR1 y QRM/QVM 7.2 MR2 permite a atacantes remotos realizar ataques de clickjacking a través de una solicitud HTTP manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21686478 https://exchange.xforce.ibmcloud.com/vulnerabilities/95578 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2014-4827
https://notcve.org/view.php?id=CVE-2014-4827
Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Security QRadar SIEM QRM 7.1 MR1 y QRM/QVM 7.2 MR2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21686478 https://exchange.xforce.ibmcloud.com/vulnerabilities/95577 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •