Описание
IBM QRadar SIEM 7.5 through 7.5.0 Dashboard is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Ссылки
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:ibm:qradar_incident_forensics:7.5.0:-:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_incident_forensics:7.5.0:update_pack_1:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_incident_forensics:7.5.0:update_pack_10:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_incident_forensics:7.5.0:update_pack_11:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_incident_forensics:7.5.0:update_pack_12:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_incident_forensics:7.5.0:update_pack_13:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_incident_forensics:7.5.0:update_pack_2:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_incident_forensics:7.5.0:update_pack_3:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_incident_forensics:7.5.0:update_pack_4:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_incident_forensics:7.5.0:update_pack_5:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_incident_forensics:7.5.0:update_pack_6:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_incident_forensics:7.5.0:update_pack_7:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_incident_forensics:7.5.0:update_pack_8:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_incident_forensics:7.5.0:update_pack_9:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_1:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_10:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_11:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_12:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_13:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_2:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_3:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_4:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_5:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_6:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_7:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_8:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_9:*:*:*:*:*:*
EPSS
Процентиль: 4%
0.00019
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
6 месяцев назад
IBM QRadar SIEM 7.5 through 7.5.0 Dashboard is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
EPSS
Процентиль: 4%
0.00019
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79