
CVSS: 6.1 • EPSS: 0% • CPEs: 6 • EXPL: 0

08 Nov 2015 — Multiple cross-site scripting (XSS) vulnerabilities in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allow remote attackers to inject arbitrary web script or HTML via a crafted URL. • http://www-01.ibm.com/support/docview.wss?uid=swg21968326 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 2.4 • EPSS: 0% • CPEs: 6 • EXPL: 0

08 Nov 2015 — IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not prevent caching of HTTPS responses, which allows physically proximate attackers to obtain sensitive local-cache information by leveraging an unattended workstation. • http://www-01.ibm.com/support/docview.wss?uid=swg21970139 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 8.8 • EPSS: 0% • CPEs: 6 • EXPL: 0

08 Nov 2015 — Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar Vulnerability Manager 7.2.x before 7.2.5 Patch 5 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. • http://www-01.ibm.com/support/docview.wss?uid=swg21970140 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.3 • EPSS: 0% • CPEs: 6 • EXPL: 0

08 Nov 2015 — IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 places session IDs in https URLs, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. • http://www-01.ibm.com/support/docview.wss?uid=swg21968269 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor