Vulnerability Details : CVE-2014-4830
IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
Exploit prediction scoring system (EPSS) score for CVE-2014-4830
Probability of exploitation activity in the next 30 days: 0.27%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 63 %
CVSS scores for CVE-2014-4830
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N | 8.6 | 2.9 | NIST |
CWE ids for CVE-2014-4830
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-4830
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95580
  IBM QRadar Security Information and Event Management information disclosure CVE-2014-4830 Vulnerability Report
- http://www.securityfocus.com/bid/71077
  IBM QRadar SIEM CVE-2014-4830 Information Disclosure Weakness
- http://www-01.ibm.com/support/docview.wss?uid=swg21686478
  IBM Security Bulletin: Multiple security vulnerabilities in QRadar, QRM, QVM (CVE-2014-0837, CVE-2014-4833, CVE2014-4830, CVE-2014-4827, CVE-2014-4828, CVE-2014-4825) (Vendor Advisory)
Products affected by CVE-2014-4830
- cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:*:*:*:*:*:*:*