Vulnerabilities > IBM > Qradar Security Information AND Event Manager
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-29 | CVE-2015-2009 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Qradar Security Information and Event Manager Cross-site request forgery (CSRF) vulnerability in the xmlrpc.cgi service in IBM QRadar SIEM 7.1 before MR2 Patch 11 Interim Fix 02 and 7.2.x before 7.2.5 Patch 4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences via vectors related to webmin. | 8.8 |
| 2018-01-10 | CVE-2017-1623 | Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. | 6.1 |
| 2018-01-10 | CVE-2016-9722 | Improper Access Control vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. | 4.2 |
| 2017-12-20 | CVE-2017-1696 | Improper Input Validation vulnerability in IBM Qradar Security Information and Event Manager 7.3.0 IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. | 8.8 |
| 2017-09-12 | CVE-2017-1162 | Information Exposure vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.2 and 7.3 discloses sensitive information to unauthorized users. | 7.5 |
| 2017-06-27 | CVE-2017-1234 | Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. | 5.4 |
| 2017-06-27 | CVE-2016-9972 | Permissions, Privileges, and Access Controls vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |
| 2017-06-27 | CVE-2016-9738 | 7PK - Security Features vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.2 and 7.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 7.5 |
| 2017-05-15 | CVE-2016-9750 | Credentials Management vulnerability in IBM Qradar Security Information and Event Manager 7.2.0/7.3.0 IBM QRadar 7.2 and 7.3 stores user credentials in plain in clear text which can be read by an authenticated user. | 6.5 |
| 2017-03-07 | CVE-2017-1133 | Cross-site Scripting vulnerability in IBM products IBM QRadar 7.2 is vulnerable to cross-site scripting. | 5.4 |