CVSS: 5.4 • EPSS: 0% • CPEs: 8 • EXPL: 0

14 Jul 2020 — IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178961. • https://exchange.xforce.ibmcloud.com/vulnerabilities/178961 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.6 • EPSS: 0% • CPEs: 3 • EXPL: 0

04 Jun 2020 — IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 182364. • https://exchange.xforce.ibmcloud.com/vulnerabilities/182364 • CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 6.5 • EPSS: 0% • CPEs: 5 • EXPL: 3

15 Apr 2020 — IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 176404. • https://packetstorm.news/files/id/157329 • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 5.5 • EPSS: 0% • CPEs: 5 • EXPL: 3

15 Apr 2020 — IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to access data and perform unauthorized actions due to inadequate permission checks. IBM X-Force ID: 175980. QRadar Community Edition version 7.3.1.6 suffers from an authorization bypass vulnerability. • https://packetstorm.news/files/id/157338 • CWE-276: Incorrect Default Permissions

CVSS: 8.8 • EPSS: 7% • CPEs: 5 • EXPL: 3

15 Apr 2020 — IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially crafted request to specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-Force ID: 175898. • https://packetstorm.news/files/id/157337 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-502: Deserialization of Untrusted Data

CVSS: 6.5 • EPSS: 0% • CPEs: 5 • EXPL: 2

15 Apr 2020 — IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to send a specially crafted command which would be executed as a lower privileged user. IBM X-Force ID: 175897. QRadar Community Edition version 7.3.1.6 suffers from a PHP object injection vulnerability. • https://packetstorm.news/files/id/157336 • CWE-502: Deserialization of Untrusted Data

CVSS: 8.4 • EPSS: 0% • CPEs: 5 • EXPL: 3

15 Apr 2020 — IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a local user to gain escalated privileges due to weak file permissions. IBM X-Force ID: 175846. QRadar Community Edition version 7.3.1.6 suffers from a local privilege escalation due to insecure file permissions with run-result-reader.sh. • https://packetstorm.news/files/id/157335 • CWE-276: Incorrect Default Permissions

CVSS: 7.5 • EPSS: 0% • CPEs: 5 • EXPL: 3

15 Apr 2020 — IBM QRadar 7.3.0 to 7.3.3 Patch 2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 175845. • https://packetstorm.news/files/id/157328 • CWE-798: Use of Hard-coded Credentials

CVSS: 5.4 • EPSS: 0% • CPEs: 5 • EXPL: 0

15 Apr 2020 — IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175841. • https://exchange.xforce.ibmcloud.com/vulnerabilities/175841 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.8 • EPSS: 0% • CPEs: 5 • EXPL: 0

15 Apr 2020 — IBM QRadar 7.3.0 to 7.3.3 Patch 2 does not validate, or incorrectly validates, a certificate, which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-Force ID: 170965. • https://exchange.xforce.ibmcloud.com/vulnerabilities/170965 • CWE-295: Improper Certificate Validation