CVE-2021-38869
https://notcve.org/view.php?id=CVE-2021-38869
IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after they exceed their idle timeout. IBM X-Force ID: 208341. • https://exchange.xforce.ibmcloud.com/vulnerabilities/208341 https://www.ibm.com/support/pages/node/6574787 • CWE-384: Session Fixation
CVE-2021-29776
https://notcve.org/view.php?id=CVE-2021-29776
IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information from another user's dashboard by providing the dashboard ID of that user. IBM X-Force ID: 203030. • https://exchange.xforce.ibmcloud.com/vulnerabilities/203030 https://www.ibm.com/support/pages/node/6574787
CVE-2021-29863
https://notcve.org/view.php?id=CVE-2021-29863
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. This vulnerability is due to an incomplete fix for CVE-2020-4786. IBM X-Force ID: 206087. • https://exchange.xforce.ibmcloud.com/vulnerabilities/206087 https://www.ibm.com/support/pages/node/6520490 • CWE-918: Server-Side Request Forgery (SSRF)
CVE-2021-29849
https://notcve.org/view.php?id=CVE-2021-29849
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205281. • https://exchange.xforce.ibmcloud.com/vulnerabilities/205281 https://www.ibm.com/support/pages/node/6520476 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-29779
https://notcve.org/view.php?id=CVE-2021-29779
IBM QRadar SIEM 7.3 and 7.4 could allow an attacker using man-in-the-middle techniques to obtain sensitive information, because the server performs key exchange without entity authentication on inter-host communications. IBM X-Force ID: 203033. • https://exchange.xforce.ibmcloud.com/vulnerabilities/203033 https://www.ibm.com/support/pages/node/6520484