Page 14 of 79 results (0.021 seconds)

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. IBM Security QRadar SIEM QRM 7.1 MR1 y QRM/QVM 7.2 MR2 no incluye el indicador HTTPOnly en una cabecera Set-Cookie para la cookie de la sesión, lo que facilita a atacantes remotos obtener información potencialmente sensible a través de acceso de secuencias de comandos a esta cookie. • http://www-01.ibm.com/support/docview.wss?uid=swg21686478 http://www.securityfocus.com/bid/71077 https://exchange.xforce.ibmcloud.com/vulnerabilities/95580 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Security QRadar SIEM QRM 7.1 MR1 y QRM/QVM 7.2 MR2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21686478 https://exchange.xforce.ibmcloud.com/vulnerabilities/95577 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to conduct clickjacking attacks via a crafted HTTP request. IBM Security QRadar SIEM QRM 7.1 MR1 y QRM/QVM 7.2 MR2 permite a atacantes remotos realizar ataques de clickjacking a través de una solicitud HTTP manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21686478 https://exchange.xforce.ibmcloud.com/vulnerabilities/95578 • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.1.x and 7.2.x allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Security QRadar SIEM 7.1.x y 7.2.x permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21686480 http://www.securityfocus.com/bid/70379 https://exchange.xforce.ibmcloud.com/vulnerabilities/94257 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.3EPSS: 1%CPEs: 2EXPL: 0

Unspecified vulnerability in IBM Security QRadar SIEM 7.1 MR2 and 7.2 MR2 allows remote attackers to execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en IBM Security QRadar SIEM 7.1 MR2 y 7.2 MR2 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos. • http://www-01.ibm.com/support/docview.wss?uid=swg21683609 https://exchange.xforce.ibmcloud.com/vulnerabilities/93540 •