
CVE-2022-38383 – IBM Cloud Pak for Security information disclosure
https://notcve.org/view.php?id=CVE-2022-38383
28 Jun 2024 — IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Software Suite 1.10.12.0 through 1.10.21.0 allow web pages to be stored locally, where they can be read by another user on the system. IBM X-Force ID: 233673. • https://exchange.xforce.ibmcloud.com/vulnerabilities/233673 • CWE-525: Use of Web Browser Cache Containing Sensitive Information

CVE-2023-47727 – IBM QRadar Suite Software file manipulation
https://notcve.org/view.php?id=CVE-2023-47727
02 May 2024 — IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: 272089. • https://exchange.xforce.ibmcloud.com/vulnerabilities/272089 • CWE-1287: Improper Validation of Specified Type of Input

CVE-2022-38386 – IBM Cloud Pak for Security information disclosure
https://notcve.org/view.php?id=CVE-2022-38386
01 May 2024 — IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 do not set the SameSite attribute for sensitive cookies, which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 233778. • https://exchange.xforce.ibmcloud.com/vulnerabilities/233778 • CWE-1275: Sensitive Cookie with Improper SameSite Attribute

CVE-2023-47731 – IBM QRadar Suite Software cross-site scripting
https://notcve.org/view.php?id=CVE-2023-47731
23 Apr 2024 — IBM QRadar Suite Software 1.10.12.0 through 1.10.19.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 272203. • https://exchange.xforce.ibmcloud.com/vulnerabilities/272203 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-28782 – IBM QRadar Suite Software information disclosure
https://notcve.org/view.php?id=CVE-2024-28782
03 Apr 2024 — IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 store user credentials in clear text, which can be read by an authenticated user. IBM X-Force ID: 285698. • https://exchange.xforce.ibmcloud.com/vulnerabilities/285698 • CWE-256: Plaintext Storage of a Password

CVE-2024-22355 – IBM QRadar Suite information disclosure
https://notcve.org/view.php?id=CVE-2024-22355
03 Mar 2024 — IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 do not require users to have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 280781. • https://exchange.xforce.ibmcloud.com/vulnerabilities/280781 • CWE-521: Weak Password Requirements

CVE-2023-47742 – IBM QRadar Suite information disclosure
https://notcve.org/view.php?id=CVE-2023-47742
03 Mar 2024 — IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could disclose sensitive information using man-in-the-middle techniques due to not correctly enforcing all aspects of certificate validation in some circumstances. IBM X-Force ID: 272533. • https://exchange.xforce.ibmcloud.com/vulnerabilities/272533 • CWE-295: Improper Certificate Validation • CWE-300: Channel Accessible by Non-Endpoint

CVE-2021-39090 – IBM Cloud Pak for Security information disclosure
https://notcve.org/view.php?id=CVE-2021-39090
29 Feb 2024 — IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 216388. • https://exchange.xforce.ibmcloud.com/vulnerabilities/216388 • CWE-311: Missing Encryption of Sensitive Data

CVE-2023-50951 – IBM QRadar Suite information disclosure
https://notcve.org/view.php?id=CVE-2023-50951
17 Feb 2024 — IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 in some circumstances will log some sensitive information about invalid authorization attempts. IBM X-Force ID: 275747. • https://exchange.xforce.ibmcloud.com/vulnerabilities/275747 • CWE-532: Insertion of Sensitive Information into Log File

CVE-2024-22337 – IBM QRadar Suite information disclosure
https://notcve.org/view.php?id=CVE-2024-22337
17 Feb 2024 — IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 store potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279977. • https://exchange.xforce.ibmcloud.com/vulnerabilities/279977 • CWE-532: Insertion of Sensitive Information into Log File