
CVE-2014-6075
https://notcve.org/view.php?id=CVE-2014-6075
28 Nov 2014 — IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, place credentials in URLs, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. • http://www-01.ibm.com/support/docview.wss?uid=swg21691211 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2014-4829
https://notcve.org/view.php?id=CVE-2014-4829
28 Nov 2014 — Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. • http://www-01.ibm.com/support/docview.wss?uid=swg21691211 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2014-4832
https://notcve.org/view.php?id=CVE-2014-4832
28 Nov 2014 — IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session. • http://www-01.ibm.com/support/docview.wss?uid=swg21691211 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2014-4830
https://notcve.org/view.php?id=CVE-2014-4830
19 Oct 2014 — IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. • http://www-01.ibm.com/support/docview.wss?uid=swg21686478 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2014-4828
https://notcve.org/view.php?id=CVE-2014-4828
19 Oct 2014 — IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to conduct clickjacking attacks via a crafted HTTP request. • http://www-01.ibm.com/support/docview.wss?uid=swg21686478 • CWE-20: Improper Input Validation

CVE-2014-4833
https://notcve.org/view.php?id=CVE-2014-4833
19 Oct 2014 — IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote authenticated users to gain privileges via invalid input. • http://www-01.ibm.com/support/docview.wss?uid=swg21686478 • CWE-20: Improper Input Validation

CVE-2014-4827
https://notcve.org/view.php?id=CVE-2014-4827
19 Oct 2014 — Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. • http://www-01.ibm.com/support/docview.wss?uid=swg21686478 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-4825
https://notcve.org/view.php?id=CVE-2014-4825
19 Oct 2014 — IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not properly implement secure connections, which allows man-in-the-middle attackers to discover cleartext credentials via unspecified vectors. • http://www-01.ibm.com/support/docview.wss?uid=swg21686478 • CWE-310: Cryptographic Issues

CVE-2014-3091
https://notcve.org/view.php?id=CVE-2014-3091
13 Oct 2014 — Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.1.x and 7.2.x allows remote attackers to inject arbitrary web script or HTML via a crafted URL. • http://www-01.ibm.com/support/docview.wss?uid=swg21686480 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-3062
https://notcve.org/view.php?id=CVE-2014-3062
27 Sep 2014 — Unspecified vulnerability in IBM Security QRadar SIEM 7.1 MR2 and 7.2 MR2 allows remote attackers to execute arbitrary code via unknown vectors. • http://www-01.ibm.com/support/docview.wss?uid=swg21683609