Vulnerabilities > IBM > Qradar Incident Forensics > Medium

DATE CVE VULNERABILITY TITLE RISK
2018-12-05 CVE-2018-1728 Cross-site Scripting vulnerability in IBM Qradar Incident Forensics
IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2018-12-05 CVE-2018-1650 Use of Hard-coded Credentials vulnerability in IBM Qradar Incident Forensics
IBM QRadar SIEM 7.2 and 7.3 uses hard-coded credentials which could allow an attacker to bypass the authentication configured by the administrator.
local
low complexity
ibm CWE-798
5.5
5.5
2018-10-05 CVE-2018-1649 Path Traversal vulnerability in IBM Qradar Incident Forensics
IBM QRadar Incident Forensics 7.2 and 7.3 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
6.5
6.5
2018-04-26 CVE-2017-1724 Cross-site Scripting vulnerability in IBM products
IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
6.1
2018-04-26 CVE-2017-1723 Path Traversal vulnerability in IBM Qradar Security Information and Event Manager
IBM Security QRadar SIEM 7.2 and 7.3 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
6.5
6.5
2017-03-07 CVE-2017-1133 Cross-site Scripting vulnerability in IBM products
IBM QRadar 7.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2017-03-07 CVE-2016-9730 Cross-Site Request Forgery (CSRF) vulnerability in IBM products
IBM QRadar Incident Forensics 7.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
network
low complexity
ibm CWE-352
4.3
4.3
2017-03-07 CVE-2016-9723 Cross-site Scripting vulnerability in IBM products
IBM QRadar 7.2 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
6.1
2017-03-07 CVE-2016-9720 Information Exposure vulnerability in IBM products
IBM QRadar 7.2 discloses sensitive information to unauthorized users.
network
low complexity
ibm CWE-200
5.3
5.3