CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2015-1995
https://notcve.org/view.php?id=CVE-2015-1995
08 Nov 2015 — Multiple cross-site scripting (XSS) vulnerabilities in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allow remote attackers to inject arbitrary web script or HTML via a crafted URL. Múltiples vulnerabilidades de XSS en IBM Security QRadar Incident Forensics 7.2.x en versiones anteriores a 7.2.5 Patch 5 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21968326 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2015-1997
https://notcve.org/view.php?id=CVE-2015-1997
08 Nov 2015 — Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar Vulnerability Manager 7.2.x before 7.2.5 Patch 5 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. Vulnerabilidad CSRF en IBM Security QRadar Vulnerability Manager 7.2.x en versiones anteriores a 7.2.5 Patch 5 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios en peticiones que insertan secuencias XSS. • http://www-01.ibm.com/support/docview.wss?uid=swg21970140 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 2.4EPSS: 0%CPEs: 6EXPL: 0CVE-2015-1996
https://notcve.org/view.php?id=CVE-2015-1996
08 Nov 2015 — IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not prevent caching of HTTPS responses, which allows physically proximate attackers to obtain sensitive local-cache information by leveraging an unattended workstation. IBM Security QRadar Incident Forensics 7.2.x en versiones anteriores a 7.2.5 Patch 5 no previene el almacenamiento en caché de respuestas HTTPS, lo que permite a atacantes físicamente próximos obtener información sensible de caché local aprovechando una estación de trabaj... • http://www-01.ibm.com/support/docview.wss?uid=swg21970139 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2015-1993
https://notcve.org/view.php?id=CVE-2015-1993
08 Nov 2015 — IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session. IBM Security QRadar Incident Forensics 7.2.x en versiones anteriores a 7.2.5 Patch 5 no establece el indicador seguro para cookies no especificadas en una sesión https, lo cual hace que sea más fácil para atacantes remotos capturar estas cookies... • http://www-01.ibm.com/support/docview.wss?uid=swg21968270 •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2015-1994
https://notcve.org/view.php?id=CVE-2015-1994
08 Nov 2015 — IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. IBM Security QRadar Incident Forensics 7.2.x en versiones anteriores a 7.2.5 Patch 5 no incluye el indicador HTTPOnly en una cabecera Set-Cookie para la cookie de sesión, lo cual hace que sea más fácil para atacantes remotos obtener informació... • http://www-01.ibm.com/support/docview.wss?uid=swg21968271 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2015-1989
https://notcve.org/view.php?id=CVE-2015-1989
08 Nov 2015 — SQL injection vulnerability in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en IBM Security QRadar Incident Forensics 7.2.x en versiones anteriores a 7.2.5 Patch 5 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21970116 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2015-1999
https://notcve.org/view.php?id=CVE-2015-1999
08 Nov 2015 — IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 places session IDs in https URLs, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. IBM Security QRadar Incident Forensics 7.2.x en versiones anteriores a 7.2.5 Patch 5 pone IDs de sesión en URLs https, lo cual permite a atacantes remotos obtener información sensible mediante la lectura de (1) registros de acceso de servidor web, (2) re... • http://www-01.ibm.com/support/docview.wss?uid=swg21968269 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2015-1919
https://notcve.org/view.php?id=CVE-2015-1919
30 Jun 2015 — Cross-site scripting (XSS) vulnerability in IBM Security QRadar Incident Forensics before 7.2.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Security QRadar Incident Forensics anterior a 7.2.5 permite a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21960011 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •