Ibm: >> Qradar Security Information And Event Manager >> 7.5.0 Security Vulnerabilities
IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 could allow a privileged user to modify configuration files that would allow the upload of a malicious autoupdate file to execute arbitrary commands.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-06-19
IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.
CVSS Score
7.1
EPSS Score
0.002
Published
2025-06-19
IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 stores potentially sensitive information in log files that could be read by a local user.
CVSS Score
6.2
EPSS Score
0.0
Published
2025-06-19
IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-02-14
IBM QRadar SIEM 7.5 transmits sensitive or security-critical data in cleartext in a communication channel that could be obtained by an unauthorized actor using man in the middle techniques.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-01-28
IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Score
6.4
EPSS Score
0.0
Published
2024-12-07
IBM QRadar SIEM 7.5 could allow a privileged user to configure user management that would disclose unintended sensitive information across tenants. IBM X-Force ID: 284575.
CVSS Score
6.8
EPSS Score
0.001
Published
2024-05-14
IBM QRadar SIEM 7.5 could allow an unauthorized user to perform unauthorized actions due to improper certificate validation. IBM X-Force ID: 275706.
CVSS Score
5.9
EPSS Score
0.001
Published
2024-04-11
IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285893.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-03-27
IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275939.
CVSS Score
4.8
EPSS Score
0.001
Published
2024-03-27
Page 1