CVSS: 6.8EPSS: 0%CPEs: 17EXPL: 0CVE-2014-4829
https://notcve.org/view.php?id=CVE-2014-4829
Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. Vulnerabilidad de CSRF en IBM Security QRadar SIEM and QRadar Risk Manager 7.1 anterior a MR2 Patch 9 y 7.2 anterior a 7.2.4 Patch 1, y QRadar Vulnerability Manager 7.2 anterior a 7.2.4 Patch 1, permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios para solicitudes que insertan secuencias de XSS. • http://www-01.ibm.com/support/docview.wss?uid=swg21691211 https://exchange.xforce.ibmcloud.com/vulnerabilities/95579 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2014-4825
https://notcve.org/view.php?id=CVE-2014-4825
IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not properly implement secure connections, which allows man-in-the-middle attackers to discover cleartext credentials via unspecified vectors. IBM Security QRadar SIEM QRM 7.1 MR1 y QRM/QVM 7.2 MR2 no implementa debidamente conexiones seguras, lo que permite a atacantes man-in-the-middle descubrir credenciales en texto claro a través de vectores no especificados. • http://www-01.ibm.com/support/docview.wss?uid=swg21686478 https://exchange.xforce.ibmcloud.com/vulnerabilities/95575 • CWE-310: Cryptographic Issues •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-4833
https://notcve.org/view.php?id=CVE-2014-4833
IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote authenticated users to gain privileges via invalid input. IBM Security QRadar SIEM QRM 7.1 MR1 y QRM/QVM 7.2 MR2 permite a usuarios remotos autenticados ganar privilegios a través de entradas inválidas. • http://www-01.ibm.com/support/docview.wss?uid=swg21686478 https://exchange.xforce.ibmcloud.com/vulnerabilities/95583 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2014-4830
https://notcve.org/view.php?id=CVE-2014-4830
IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. IBM Security QRadar SIEM QRM 7.1 MR1 y QRM/QVM 7.2 MR2 no incluye el indicador HTTPOnly en una cabecera Set-Cookie para la cookie de la sesión, lo que facilita a atacantes remotos obtener información potencialmente sensible a través de acceso de secuencias de comandos a esta cookie. • http://www-01.ibm.com/support/docview.wss?uid=swg21686478 http://www.securityfocus.com/bid/71077 https://exchange.xforce.ibmcloud.com/vulnerabilities/95580 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2014-4827
https://notcve.org/view.php?id=CVE-2014-4827
Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Vulnerabilidad de XSS en IBM Security QRadar SIEM QRM 7.1 MR1 y QRM/QVM 7.2 MR2 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de una URL manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg21686478 https://exchange.xforce.ibmcloud.com/vulnerabilities/95577 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •