
CVE-2022-22320
https://notcve.org/view.php?id=CVE-2022-22320
11 May 2022 — IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 218367. • https://exchange.xforce.ibmcloud.com/vulnerabilities/218367 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-22345
https://notcve.org/view.php?id=CVE-2022-22345
27 Apr 2022 — IBM QRadar 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 220041. • https://exchange.xforce.ibmcloud.com/vulnerabilities/220041 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2021-38939
https://notcve.org/view.php?id=CVE-2021-38939
27 Apr 2022 — IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive information in log files that could be read by a user with access to creating domains. IBM X-Force ID: 211037. • https://exchange.xforce.ibmcloud.com/vulnerabilities/211037 • CWE-532: Insertion of Sensitive Information into Log File

CVE-2021-38919
https://notcve.org/view.php?id=CVE-2021-38919
27 Apr 2022 — IBM QRadar SIEM 7.3, 7.4, and 7.5 in some scenarios may reveal authorized service tokens to other QRadar users. IBM X-Force ID: 210021. • https://exchange.xforce.ibmcloud.com/vulnerabilities/210021

CVE-2021-38878
https://notcve.org/view.php?id=CVE-2021-38878
27 Apr 2022 — IBM QRadar 7.3, 7.4, and 7.5 could allow a malicious actor to impersonate an actor due to key exchange without entity authentication. IBM X-Force ID: 208756. • https://exchange.xforce.ibmcloud.com/vulnerabilities/208756

CVE-2021-38874
https://notcve.org/view.php?id=CVE-2021-38874
27 Apr 2022 — IBM QRadar SIEM 7.3, 7.4, and 7.5 allows for users to access information across tenant and domain boundaries in some situations. IBM X-Force ID: 208397. • https://exchange.xforce.ibmcloud.com/vulnerabilities/208397

CVE-2021-38869
https://notcve.org/view.php?id=CVE-2021-38869
27 Apr 2022 — IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after they exceed their idle timeout. IBM X-Force ID: 208341. • https://exchange.xforce.ibmcloud.com/vulnerabilities/208341 • CWE-384: Session Fixation

CVE-2021-29776
https://notcve.org/view.php?id=CVE-2021-29776
27 Apr 2022 — IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information from another user's dashboard providing the dashboard ID of that user. IBM X-Force ID: 203030. • https://exchange.xforce.ibmcloud.com/vulnerabilities/203030

CVE-2021-29863
https://notcve.org/view.php?id=CVE-2021-29863
01 Dec 2021 — IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. This vulnerability is due to an incomplete fix for CVE-2020-4786. IBM X-Force ID: 206087. • https://exchange.xforce.ibmcloud.com/vulnerabilities/206087 • CWE-918: Server-Side Request Forgery (SSRF)

CVE-2021-29849
https://notcve.org/view.php?id=CVE-2021-29849
01 Dec 2021 — IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205281. • https://exchange.xforce.ibmcloud.com/vulnerabilities/205281 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')