IBM » Qradar Security Information And Event Manager : Security Vulnerabilities, CVEs, Published In 2016 (XSS)

CVE-2016-2878

Multiple cross-site request forgery (CSRF) vulnerabilities in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Max CVSS
8.0
EPSS Score
0.08%
Published
2016-11-30
Updated
2016-12-23

CVE-2016-2869

Multiple cross-site scripting (XSS) vulnerabilities in the UI in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote authenticated users to inject arbitrary web script or HTML via crafted fields in a URL.
Max CVSS
5.4
EPSS Score
0.06%
Published
2016-11-30
Updated
2016-12-15

CVE-2015-7409

Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.6 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified field.
Max CVSS
5.4
EPSS Score
0.06%
Published
2016-01-01
Updated
2016-01-06

CVE-2015-4957

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Max CVSS
5.4
EPSS Score
0.06%
Published
2016-02-15
Updated
2016-02-26
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close