CVE-2020-4993
https://notcve.org/view.php?id=CVE-2020-4993
IBM QRadar SIEM 7.3 and 7.4 when decompressing or verifying signature of zip files processes data in a way that may be vulnerable to path traversal attacks. IBM X-Force ID: 192905. IBM QRadar SIEM versiones 7.3 y 7.4, cuando se descomprime o comprueba la firma de archivos zip que procesa los datos de una manera que puede ser vulnerable a ataques de saltos de ruta. IBM X-Force ID: 192905 • https://exchange.xforce.ibmcloud.com/vulnerabilities/192905 https://www.ibm.com/support/pages/node/6449672 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2020-4979
https://notcve.org/view.php?id=CVE-2020-4979
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to insecure inter-deployment communication. An attacker that is able to comprimise or spoof traffic between hosts may be able to execute arbitrary commands. IBM X-Force D: 192538. IBM QRadar SIEM versiones 7.3 y 7.4, es vulnerable a la comunicación no segura entre implementaciones. Un atacante que pueda comprometer o falsificar el tráfico entre hosts puede ejecutar comandos arbitrarios. • https://exchange.xforce.ibmcloud.com/vulnerabilities/192538 https://www.ibm.com/support/pages/node/6449668 •
CVE-2020-4932
https://notcve.org/view.php?id=CVE-2020-4932
IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 191748. IBM QRadar SIEM versiones 7.3 y 7.4, contiene credenciales embebidas, como una contraseña o clave criptográfica, que usa para su propia autenticación entrante, comunicación saliente a componentes externos o cifrado de datos internos. IBM X-Force ID: 191748 • https://exchange.xforce.ibmcloud.com/vulnerabilities/191748 https://www.ibm.com/support/pages/node/6449682 • CWE-798: Use of Hard-coded Credentials •
CVE-2020-4929
https://notcve.org/view.php?id=CVE-2020-4929
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191706. IBM QRadar SIEM versiones 7.3 y 7.4, es vulnerable a un cross-site scripting. Esta vulnerabilidad permite a usuarios insertar un código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista que puede conllevar a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/191706 https://www.ibm.com/support/pages/node/6449674 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-4883
https://notcve.org/view.php?id=CVE-2020-4883
IBM QRadar SIEM 7.3 and 7.4 could disclose sensitive information about other domains which could be used in further attacks against the system. IBM X-Force ID: 190907. IBM QRadar SIEM versiones 7.3 y 7.4, podría divulgar información confidencial sobre otros dominios que podrían ser usado en futuros ataques contra el sistema. IBM X-Force ID: 190907 • https://exchange.xforce.ibmcloud.com/vulnerabilities/190907 https://www.ibm.com/support/pages/node/6449678 •