Описание
Cross-site request forgery (CSRF) vulnerability in the xmlrpc.cgi service in IBM QRadar SIEM 7.1 before MR2 Patch 11 Interim Fix 02 and 7.2.x before 7.2.5 Patch 4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences via vectors related to webmin. IBM X-Force ID: 103921.
Уязвимые конфигурации
Конфигурация 1Версия от 7.2.0 (включая) до 7.2.5 (исключая)
Одно из
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:*:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.0:mr1:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.0:mr2:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:patch1:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:patch2:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:patch3:*:*:*:*:*:*
EPSS
Процентиль: 36%
0.00148
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
Cross-site request forgery (CSRF) vulnerability in the xmlrpc.cgi service in IBM QRadar SIEM 7.1 before MR2 Patch 11 Interim Fix 02 and 7.2.x before 7.2.5 Patch 4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences via vectors related to webmin. IBM X-Force ID: 103921.
EPSS
Процентиль: 36%
0.00148
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352