Vulnerabilities > IBM > Qradar Security Information AND Event Manager > 7.3.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-05 | CVE-2018-1725 | Unspecified vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3 and 7.4 n a multi tenant configuration could be vulnerable to information disclosure. | 2.1 |
| 2020-10-08 | CVE-2020-4280 | Deserialization of Untrusted Data vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. | 9.0 |
| 2020-10-08 | CVE-2019-4545 | Unspecified vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3 and 7.4 when configured to use Active Directory Authentication may be susceptible to spoofing attacks. | 4.3 |
| 2020-07-14 | CVE-2020-4513 | Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. | 4.3 |
| 2020-07-14 | CVE-2020-4512 | OS Command Injection vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3 and 7.4 could allow a remote privileged user to execute commands. | 6.5 |
| 2020-07-14 | CVE-2020-4511 | Unspecified vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3 and 7.4 could allow an authenticated user to cause a denial of service of the qflow process by sending a malformed sflow command. | 4.0 |
| 2020-07-14 | CVE-2020-4510 | XXE vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 5.5 |
| 2020-07-14 | CVE-2020-4364 | Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. | 3.5 |
| 2020-04-15 | CVE-2020-4294 | Server-Side Request Forgery (SSRF) vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). | 6.5 |
| 2020-04-15 | CVE-2020-4274 | Incorrect Default Permissions vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to access data and perform unauthorized actions due to inadequate permission checks. | 5.5 |