CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2015-2011
https://notcve.org/view.php?id=CVE-2015-2011
The xmlrpc.cgi Webmin script in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors. La secuencia de comandos xmlrpc.cgi Webmin en IBM QRadar SIEM 7.1 MR2 en versiones anteriores a Patch 11 IF02 y 7.2.x en versiones anteriores a 7.2.5 Patch 4 permite a usuarios remotos autenticados ejecutar comandos arbitrarios con privilegios de root a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21965817 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2015-2016
https://notcve.org/view.php?id=CVE-2015-2016
Unspecified vulnerability in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges via unknown vectors. Vulnerabilidad no especificada en IBM QRadar SIEM 7.1 MR2 en versiones anteriores a Patch 11 IF02 y 7.2.x en versiones anteriores a 7.2.5 Patch 4 permite a usuarios remotos autenticados ejecutar comandos arbitrarios con privilegios de root a través de vectores desconocidos. • http://www-01.ibm.com/support/docview.wss?uid=swg21965813 •
CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2015-4930
https://notcve.org/view.php?id=CVE-2015-4930
IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges by leveraging admin access. IBM QRadar SIEM 7.1 MR2 en versiones anteriores a Patch 11 IF02 y 7.2.x en versiones anteriores a 7.2.5 Patch 4 permite a usuarios remotos autenticados ejecutar comandos arbitrarios con privilegios de root aprovechando el acceso de administrador. • http://www-01.ibm.com/support/docview.wss?uid=swg21965813 http://www.securityfocus.com/bid/76695 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.0EPSS: 0%CPEs: 17EXPL: 0CVE-2014-6075
https://notcve.org/view.php?id=CVE-2014-6075
IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, place credentials in URLs, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. IBM Security QRadar SIEM and QRadar Risk Manager 7.1 anterior a MR2 Patch 9 y 7.2 anterior a 7.2.4 Patch 1, y QRadar Vulnerability Manager 7.2 anterior a 7.2.4 Patch 1, ponen credenciales en URLs, lo que permite a atacantes remotos obtener información sensible mediante la lectura de (1) los registros del acceso al servidor web, (2) los registros del referer del servidor web, o (3) el historial de navegación. • http://www-01.ibm.com/support/docview.wss?uid=swg21691211 https://exchange.xforce.ibmcloud.com/vulnerabilities/95727 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 17EXPL: 0CVE-2014-4832
https://notcve.org/view.php?id=CVE-2014-4832
IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session. IBM Security QRadar SIEM and QRadar Risk Manager 7.1 anterior a MR2 Patch 9 y 7.2 anterior a 7.2.4 Patch 1, y QRadar Vulnerability Manager 7.2 anterior a 7.2.4 Patch 1, permiten a atacantes remotos obtener información sensible sobre cookies mediante la captura de trafico de la red durante una sesión HTTP. • http://www-01.ibm.com/support/docview.wss?uid=swg21691211 https://exchange.xforce.ibmcloud.com/vulnerabilities/95582 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •