CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0CVE-2021-38874
https://notcve.org/view.php?id=CVE-2021-38874
IBM QRadar SIEM 7.3, 7.4, and 7.5 allows for users to access information across tenant and domain boundaries in some situations. IBM X-Force ID: 208397. IBM QRadar SIEM versiones 7.3, 7.4 y 7.5, permite que usuarios accedan a la información a través de los límites del arrendatario y del dominio en algunas situaciones. IBM X-Force ID: 208397 • https://exchange.xforce.ibmcloud.com/vulnerabilities/208397 https://www.ibm.com/support/pages/node/6574787 •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2021-38869
https://notcve.org/view.php?id=CVE-2021-38869
IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after they exceede their idle timeout. IBM X-Force ID: 208341. En algunas situaciones, IBM QRadar SIEM versiones 7.3, 7.4 y 7.5, puede no cerrar la sesión de usuarios de forma automática cuando superan el tiempo de espera. IBM X-Force ID: 208341 • https://exchange.xforce.ibmcloud.com/vulnerabilities/208341 https://www.ibm.com/support/pages/node/6574787 • CWE-384: Session Fixation •
CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0CVE-2021-29776
https://notcve.org/view.php?id=CVE-2021-29776
IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information from another user's dashboard providing the dashboard ID of that user. IBM X-Force ID: 203030. IBM QRadar SIEM versiones 7.3, 7.4 y 7.5, podría permitir a un usuario autenticado obtener información confidencial del tablero de instrumentos de otro usuario proporcionando el ID del tablero de ese usuario. IBM X-Force ID: 203030 • https://exchange.xforce.ibmcloud.com/vulnerabilities/203030 https://www.ibm.com/support/pages/node/6574787 •
CVSS: 5.4EPSS: 0%CPEs: 17EXPL: 0CVE-2021-29863
https://notcve.org/view.php?id=CVE-2021-29863
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. This vulnerability is due to an incomplete fix for CVE-2020-4786. IBM X-Force ID: 206087. IBM QRadar SIEM versiones 7.3 y 7.4, es vulnerable a un ataque de tipo server side request forgery (SSRF). • https://exchange.xforce.ibmcloud.com/vulnerabilities/206087 https://www.ibm.com/support/pages/node/6520490 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.1EPSS: 0%CPEs: 17EXPL: 0CVE-2021-29849
https://notcve.org/view.php?id=CVE-2021-29849
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205281. IBM QRadar SIEM versiones 7.3 y 7.4, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista y conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/205281 https://www.ibm.com/support/pages/node/6520476 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •