CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2014-4830
https://notcve.org/view.php?id=CVE-2014-4830
IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. IBM Security QRadar SIEM QRM 7.1 MR1 y QRM/QVM 7.2 MR2 no incluye el indicador HTTPOnly en una cabecera Set-Cookie para la cookie de la sesión, lo que facilita a atacantes remotos obtener información potencialmente sensible a través de acceso de secuencias de comandos a esta cookie. • http://www-01.ibm.com/support/docview.wss?uid=swg21686478 http://www.securityfocus.com/bid/71077 https://exchange.xforce.ibmcloud.com/vulnerabilities/95580 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2014-4828
https://notcve.org/view.php?id=CVE-2014-4828
IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to conduct clickjacking attacks via a crafted HTTP request. IBM Security QRadar SIEM QRM 7.1 MR1 y QRM/QVM 7.2 MR2 permite a atacantes remotos realizar ataques de clickjacking a través de una solicitud HTTP manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21686478 https://exchange.xforce.ibmcloud.com/vulnerabilities/95578 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2014-4827
https://notcve.org/view.php?id=CVE-2014-4827
Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Security QRadar SIEM QRM 7.1 MR1 y QRM/QVM 7.2 MR2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21686478 https://exchange.xforce.ibmcloud.com/vulnerabilities/95577 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-3091
https://notcve.org/view.php?id=CVE-2014-3091
Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.1.x and 7.2.x allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Security QRadar SIEM 7.1.x y 7.2.x permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21686480 http://www.securityfocus.com/bid/70379 https://exchange.xforce.ibmcloud.com/vulnerabilities/94257 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 1%CPEs: 2EXPL: 0CVE-2014-3062
https://notcve.org/view.php?id=CVE-2014-3062
Unspecified vulnerability in IBM Security QRadar SIEM 7.1 MR2 and 7.2 MR2 allows remote attackers to execute arbitrary code via unknown vectors. Vulnerabilidad no especificada en IBM Security QRadar SIEM 7.1 MR2 y 7.2 MR2 permite a atacantes remotos ejecutar código arbitrario a través de vectores desconocidos. • http://www-01.ibm.com/support/docview.wss?uid=swg21683609 https://exchange.xforce.ibmcloud.com/vulnerabilities/93540 •