Vulnerabilities > IBM > Qradar Network Security
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-12 | CVE-2020-4157 | Use of Hard-coded Credentials vulnerability in IBM Qradar Network Security 5.4.0/5.5.0 IBM QRadar Network Security 5.4.0 and 5.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 7.5 |
| 2022-07-12 | CVE-2020-4159 | Information Exposure vulnerability in IBM Qradar Network Security 5.4.0/5.5.0 IBM QRadar Network Security 5.4.0 and 5.5.0 discloses sensitive information to unauthorized users which could be used to mount further attacks against the system. | 7.5 |
| 2021-11-08 | CVE-2020-4152 | Cleartext Transmission of Sensitive Information vulnerability in IBM Qradar Network Security IBM QRadar Network Security 5.4.0 and 5.5.0 transmits sensitive or security-critical data in cleartext in a communication channel that can be obtained using man in the middle techniques. | 5.9 |
| 2021-11-08 | CVE-2020-4153 | Cross-site Scripting vulnerability in IBM Qradar Network Security IBM QRadar Network Security 5.4.0 and 5.5.0 is vulnerable to cross-site scripting. | 5.4 |
| 2021-11-08 | CVE-2020-4160 | Unspecified vulnerability in IBM Qradar Network Security IBM QRadar Network Security 5.4.0 and 5.5.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2017-09-05 | CVE-2017-1491 | Unspecified vulnerability in IBM Qradar Network Security 5.4 IBM QRadar Network Security 5.4 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. | 7.5 |
| 2017-09-05 | CVE-2017-1458 | XXE vulnerability in IBM Qradar Network Security 5.4 IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. | 8.1 |
| 2017-09-05 | CVE-2017-1457 | Cross-site Scripting vulnerability in IBM Qradar Network Security 5.4 IBM QRadar Network Security 5.4 is vulnerable to cross-site scripting. | 6.1 |