Vulnerabilities > IBM > Qradar Security Information AND Event Manager > 7.2.8

DATE	CVE	VULNERABILITY TITLE	RISK
2017-03-07	CVE-2016-9727	Improper Input Validation vulnerability in IBM products IBM QRadar 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. network ibm CWE-20	8.5
2017-03-07	CVE-2016-9726	Improper Input Validation vulnerability in IBM products IBM QRadar Incident Forensics 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. network low complexity ibm CWE-20 critical	9.0
2017-03-07	CVE-2016-9725	Information Exposure vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar Incident Forensics 7.2 allows for Cross-Origin Resource Sharing (CORS), which is a mechanism that allows web sites to request resources from external sites, avoiding the need to duplicate them. network low complexity ibm CWE-200	5.0
2017-03-07	CVE-2016-9724	XXE vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. network low complexity ibm CWE-611	7.5
2017-03-07	CVE-2016-9723	Cross-site Scripting vulnerability in IBM products IBM QRadar 7.2 is vulnerable to cross-site scripting. network ibm CWE-79	4.3
2017-03-07	CVE-2016-9720	Information Exposure vulnerability in IBM products IBM QRadar 7.2 discloses sensitive information to unauthorized users. network low complexity ibm CWE-200	5.0

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.