Vulnerability Details : CVE-2014-6075
IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, place credentials in URLs, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2014-6075
Probability of exploitation activity in the next 30 days: 0.18%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 54 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-6075
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2014-6075
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-6075
-
http://www-01.ibm.com/support/docview.wss?uid=swg21691211
IBM Security Bulletin: Multiple vulnerabilities found in IBM QRadar SIEM and QRadar Risk Manager (CVE-2014-4832, CVE-2014-4831, CVE-2014-4829, CVE-2014-4829, CVE-2014-6075)Patch;Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/95727
IBM QRadar Risk Manager information disclosure CVE-2014-6075 Vulnerability Report
Products affected by CVE-2014-6075
- cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:qradar_risk_manager:7.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:qradar_risk_manager:7.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:qradar_risk_manager:7.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:qradar_risk_manager:7.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:qradar_risk_manager:7.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:qradar_risk_manager:7.2.3:*:*:*:*:*:*:*