CVSS: 8.8EPSS: 0%CPEs: 7EXPL: 0CVE-2015-2009
https://notcve.org/view.php?id=CVE-2015-2009
Cross-site request forgery (CSRF) vulnerability in the xmlrpc.cgi service in IBM QRadar SIEM 7.1 before MR2 Patch 11 Interim Fix 02 and 7.2.x before 7.2.5 Patch 4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences via vectors related to webmin. IBM X-Force ID: 103921. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el servicio xmlrpc.cgi en IBM QRadar SIEM, en versiones 7.1 anteriores a MR2 Patch 11 Interim Fix 02 y versiones 7.2.x anteriores a 7.2.5 Patch 4, permite que atacantes remotos secuestren la autenticación de usuarios arbitrarios para peticiones que inserten secuencias XSS mediante vectores relacionados con webmin. IBM X-Force ID: 103921. • http://www-01.ibm.com/support/docview.wss?uid=swg21965821 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 10EXPL: 0CVE-2017-1623
https://notcve.org/view.php?id=CVE-2017-1623
IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133121. IBM Qradar 7.2 y 7.3 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • http://www.ibm.com/support/docview.wss?uid=swg22012344 http://www.securityfocus.com/bid/102476 https://exchange.xforce.ibmcloud.com/vulnerabilities/133121 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.9EPSS: 0%CPEs: 10EXPL: 2CVE-2016-9722 – IBM QRadar SIEM Unauthenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2016-9722
IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 119737. IBM QRadar 7.2 y 7.3 especifica permisos para un recurso crítico para la seguridad de forma que permite que ese recurso sea leído o modificado por actores no planeados. IBM X-Force ID: 119737. • https://www.exploit-db.com/exploits/45005 http://www.ibm.com/support/docview.wss?uid=swg22012293 https://exchange.xforce.ibmcloud.com/vulnerabilities/119737 https://blogs.securiteam.com/index.php/archives/3689 https://raw.githubusercontent.com/pedrib/PoC/master/advisories/IBM/ibm-qradar-siem-forensics.txt https://seclists.org/fulldisclosure/2018/May/54 http://www-01.ibm.com/support/docview.wss?uid=swg22015797 https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux& • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2017-1162
https://notcve.org/view.php?id=CVE-2017-1162
IBM QRadar 7.2 and 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 122957. IBM QRadar 7.2 y 7.3 divulga información sensible a usuarios sin autorización. Esta información puede emplearse para ejecutar más ataques en el sistema. • http://www.ibm.com/support/docview.wss?uid=swg22008194 http://www.securityfocus.com/bid/100686 https://exchange.xforce.ibmcloud.com/vulnerabilities/122957 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2016-9738
https://notcve.org/view.php?id=CVE-2016-9738
IBM QRadar 7.2 and 7.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 119783. IBM QRadar 7.2 y 7.3 no requiere que los usuarios tengan contraseñas fuertes por defecto, lo que facilita que los atacantes comprometan las cuentas de usuario. IBM X-Force ID: 119783. • http://www.ibm.com/support/docview.wss?uid=swg22004926 http://www.securityfocus.com/bid/99266 https://exchange.xforce.ibmcloud.com/vulnerabilities/119783 • CWE-254: 7PK - Security Features •