Vulnerabilities > IBM > Qradar Security Information AND Event Manager > 7.2.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-07 | CVE-2016-9730 | Cross-Site Request Forgery (CSRF) vulnerability in IBM products IBM QRadar Incident Forensics 7.2 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 4.3 |
| 2017-03-07 | CVE-2016-9729 | Improper Authentication vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.2 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. | 6.5 |
| 2017-03-07 | CVE-2016-9728 | SQL Injection vulnerability in IBM Qradar Security Information and Event Manager IBM Qradar 7.2 is vulnerable to SQL injection. | 7.5 |
| 2017-03-07 | CVE-2016-9727 | Improper Input Validation vulnerability in IBM products IBM QRadar 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 8.5 |
| 2017-03-07 | CVE-2016-9726 | Improper Input Validation vulnerability in IBM products IBM QRadar Incident Forensics 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 8.8 |
| 2017-03-07 | CVE-2016-9725 | Information Exposure vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar Incident Forensics 7.2 allows for Cross-Origin Resource Sharing (CORS), which is a mechanism that allows web sites to request resources from external sites, avoiding the need to duplicate them. | 5.3 |
| 2017-03-07 | CVE-2016-9724 | XXE vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. | 8.1 |
| 2017-03-07 | CVE-2016-9723 | Cross-site Scripting vulnerability in IBM products IBM QRadar 7.2 is vulnerable to cross-site scripting. | 6.1 |
| 2017-03-07 | CVE-2016-9720 | Information Exposure vulnerability in IBM products IBM QRadar 7.2 discloses sensitive information to unauthorized users. | 5.3 |
| 2017-03-01 | CVE-2016-2880 | Key Management Errors vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.2 stores the encryption key used to encrypt the service account password which can be obtained by a local user. | 7.8 |