Ibm: >> Qradar Security Information And Event Manager >> 7.5.0 Security Vulnerabilities
IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after they exceede their idle timeout. IBM X-Force ID: 208341.
CVSS Score
4.3
EPSS Score
0.004
Published
2022-04-27
IBM QRadar SIEM 7.3, 7.4, and 7.5 allows for users to access information across tenant and domain boundaries in some situations. IBM X-Force ID: 208397.
CVSS Score
4.3
EPSS Score
0.002
Published
2022-04-27
IBM QRadar 7.3, 7.4, and 7.5 could allow a malicious actor to impersonate an actor due to key exchange without entity authentication. IBM X-Force ID: 208756.
CVSS Score
5.9
EPSS Score
0.002
Published
2022-04-27
IBM QRadar SIEM 7.3, 7.4, and 7.5 in some senarios may reveal authorized service tokens to other QRadar users. IBM X-Force ID: 210021
CVSS Score
5.9
EPSS Score
0.003
Published
2022-04-27
IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive information in log files that could be read by an user with access to creating domains. IBM X-Force ID: 211037.
CVSS Score
3.7
EPSS Score
0.002
Published
2022-04-27
IBM QRadar 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 220041.
CVSS Score
4.8
EPSS Score
0.002
Published
2022-04-27
IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information from another user's dashboard providing the dashboard ID of that user. IBM X-Force ID: 203030.
CVSS Score
3.1
EPSS Score
0.002
Published
2022-04-27
Page 4