Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-6075

Опубликовано: 28 нояб. 2014
Источник: nvd
CVSS2: 5
EPSS Низкий

Описание

IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, place credentials in URLs, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:qradar_risk_manager:7.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_risk_manager:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_risk_manager:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_risk_manager:7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_risk_manager:7.2.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_risk_manager:7.2.4:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.4:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:*:*:*:*:*:*:*

EPSS

Процентиль: 43%
0.00207
Низкий

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

github логотип

GHSA-62pp-mcmg-6p2q

github
больше 3 лет назад

IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, place credentials in URLs, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.

EPSS

Процентиль: 43%
0.00207
Низкий

5 Medium

CVSS2

Дефекты

CWE-200