CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 0CVE-2018-1648
https://notcve.org/view.php?id=CVE-2018-1648
IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 144653. IBM QRadar SIEM 7.2 y 7.3 emplea algoritmos criptográficos más débiles de lo esperado que podrían permitir que un atacante descifre información altamente sensible. IBM X-Force ID: 144653. • http://www.ibm.com/support/docview.wss?uid=ibm10737027 https://exchange.xforce.ibmcloud.com/vulnerabilities/144653 • CWE-326: Inadequate Encryption Strength •
CVSS: 5.9EPSS: 0%CPEs: 20EXPL: 0CVE-2018-1650
https://notcve.org/view.php?id=CVE-2018-1650
IBM QRadar SIEM 7.2 and 7.3 uses hard-coded credentials which could allow an attacker to bypass the authentication configured by the administrator. IBM X-Force ID: 144656. IBM QRadar SIEM 7.2 y 7.3 emplea credenciales embebidas que podrían permitir que un atacante omita la autenticación configurada por el administrador. IBM X-Force ID: 144656. • http://www.ibm.com/support/docview.wss?uid=ibm10737025 https://exchange.xforce.ibmcloud.com/vulnerabilities/144656 • CWE-798: Use of Hard-coded Credentials •
CVSS: 4.0EPSS: 0%CPEs: 20EXPL: 0CVE-2018-1568
https://notcve.org/view.php?id=CVE-2018-1568
IBM QRadar SIEM 7.2 and 7.3 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 143118. IBM QRadar SIEM 7.2 y 7.3 permite que las páginas web se almacenen localmente, lo que permite que sean leídas por otro usuario en el sistema. IBM X-Force ID: 143118. • http://www.ibm.com/support/docview.wss?uid=ibm10737023 https://exchange.xforce.ibmcloud.com/vulnerabilities/143118 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 22EXPL: 0CVE-2018-1728
https://notcve.org/view.php?id=CVE-2018-1728
IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147707. IBM QRadar SIEM 7.2 y 7.3 es vulnerable a Cross-Site Scripting (XSS). Esta vulnerabilidad permite que los usuarios embeban código JavaScript arbitrario en la interfaz de usuario web, lo que altera las funcionalidades previstas. • https://exchange.xforce.ibmcloud.com/vulnerabilities/147707 https://www.ibm.com/support/docview.wss?uid=ibm10742723 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.4EPSS: 0%CPEs: 22EXPL: 0CVE-2017-1622
https://notcve.org/view.php?id=CVE-2017-1622
IBM QRadar SIEM 7.2.8 and 7.3 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-force ID: 133120. IBM QRadar SIEM 7.2.8 y 7.3 no valida un certificado, o lo hace de forma incorrecta. Esta debilidad podría permitir que un atacante suplante una entidad de confianza mediante un ataque de Man-in-the-Middle (MitM). • https://exchange.xforce.ibmcloud.com/vulnerabilities/133120 https://www.ibm.com/support/docview.wss?uid=ibm10742713 • CWE-295: Improper Certificate Validation •