Описание
IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session.
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:qradar_risk_manager:7.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_risk_manager:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_risk_manager:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_risk_manager:7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_risk_manager:7.2.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_risk_manager:7.2.4:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.4:*:*:*:*:*:*:*
Конфигурация 3
Одно из
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:*:*:*:*:*:*:*
EPSS
Процентиль: 45%
0.00225
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
github
больше 3 лет назад
IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allow remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session.
EPSS
Процентиль: 45%
0.00225
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-200