CVE-2016-9972
https://notcve.org/view.php?id=CVE-2016-9972
IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 120208. IBM QRadar 7.2 y 7.3 podría permitir que un atacante remoto obtenga información sensible, provocado por la imposibilidad de habilitar correctamente HTTP Strict Transport Security. Un atacante podría explotar esta vulnerabilidad para obtener información sensible empleando técnicas man-in-the-Middle (MitM). • http://www.ibm.com/support/docview.wss?uid=swg22004925 http://www.securityfocus.com/bid/99268 https://exchange.xforce.ibmcloud.com/vulnerabilities/120208 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2017-1234
https://notcve.org/view.php?id=CVE-2017-1234
IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123913. IBM Qradar 7.2 y 7.3 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar código Javascript aleatorio en la interfaz Web lo que alteraría la funcionalidad planeada potencialmente llevando a la revelación de credenciales dentro de una sesión confiable. • http://www.ibm.com/support/docview.wss?uid=swg22004948 http://www.securityfocus.com/bid/99265 https://exchange.xforce.ibmcloud.com/vulnerabilities/123913 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-9750
https://notcve.org/view.php?id=CVE-2016-9750
IBM QRadar 7.2 and 7.3 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 120207. IBM QRadar 7.2 y 7.3 almacena las credenciales de usuario en texto claro que puede ser leído por un usuario autenticado. IBM X-Force ID: 120207. • http://www.ibm.com/support/docview.wss?uid=swg22003137 • CWE-255: Credentials Management Errors •
CVE-2016-9725
https://notcve.org/view.php?id=CVE-2016-9725
IBM QRadar Incident Forensics 7.2 allows for Cross-Origin Resource Sharing (CORS), which is a mechanism that allows web sites to request resources from external sites, avoiding the need to duplicate them. IBM Reference #: 1999539. IBM QRadar Incident Forensics 7.2 permite CORS, que es un mecanismo que permite a sitios web solicitar recursos de sitios externos, evitando la necesidad de duplicarlos. Referencia de IBM #: 1999539. • http://www.ibm.com/support/docview.wss?uid=swg21999539 http://www.securityfocus.com/bid/96530 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2016-9726
https://notcve.org/view.php?id=CVE-2016-9726
IBM QRadar Incident Forensics 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM Reference #: 1999542. IBM QRadar Incident Forensics 7.2 podría permitir a un atacante remoto autenticado ejecutar comandos arbitrarios en el sistema. Enviando una petición especialmente manipulada, un atacante podría explotar esta vulnerabilidad para ejecutar comandos arbitrarios en el sistema. • http://www.ibm.com/support/docview.wss?uid=swg21999542 • CWE-20: Improper Input Validation •