Vulnerability Details : CVE-2014-6075
IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, place credentials in URLs, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
Products affected by CVE-2014-6075
- cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:qradar_risk_manager:7.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:qradar_risk_manager:7.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:qradar_risk_manager:7.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:qradar_risk_manager:7.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:qradar_risk_manager:7.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ibm:qradar_risk_manager:7.2.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-6075
0.21%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 40 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-6075
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2014-6075
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-6075
-
http://www-01.ibm.com/support/docview.wss?uid=swg21691211
IBM Security Bulletin: Multiple vulnerabilities found in IBM QRadar SIEM and QRadar Risk Manager (CVE-2014-4832, CVE-2014-4831, CVE-2014-4829, CVE-2014-4829, CVE-2014-6075)Patch;Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/95727
IBM QRadar Risk Manager information disclosure CVE-2014-6075 Vulnerability Report
Jump to