Vulnerabilities > IBM > Qradar Security Information AND Event Manager > 7.3.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-10 | CVE-2016-9722 | Improper Access Control vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. | 4.2 |
| 2017-12-20 | CVE-2017-1696 | Improper Input Validation vulnerability in IBM Qradar Security Information and Event Manager 7.3.0 IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 8.8 |
| 2017-09-12 | CVE-2017-1162 | Information Exposure vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.2 and 7.3 discloses sensitive information to unauthorized users. | 7.5 |
| 2017-06-27 | CVE-2017-1234 | Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. | 5.4 |
| 2017-06-27 | CVE-2016-9972 | Permissions, Privileges, and Access Controls vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2017-06-27 | CVE-2016-9738 | 7PK - Security Features vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.2 and 7.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 7.5 |
| 2017-05-15 | CVE-2016-9750 | Credentials Management vulnerability in IBM Qradar Security Information and Event Manager 7.2.0/7.3.0 IBM QRadar 7.2 and 7.3 stores user credentials in plain in clear text which can be read by an authenticated user. | 6.5 |