Vulnerabilities > IBM > Qradar Security Information AND Event Manager
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-04 | CVE-2020-4509 | XXE vulnerability in IBM Qradar Security Information and Event Manager 7.3.0/7.4.0 IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 7.6 |
| 2020-04-15 | CVE-2020-4294 | Server-Side Request Forgery (SSRF) vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). | 6.3 |
| 2020-04-15 | CVE-2020-4274 | Incorrect Default Permissions vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to access data and perform unauthorized actions due to inadequate permission checks. | 5.4 |
| 2020-04-15 | CVE-2020-4272 | Deserialization of Untrusted Data vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to include arbitrary files. | 8.8 |
| 2020-04-15 | CVE-2020-4271 | Deserialization of Untrusted Data vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to send a specially crafted command which would be executed as a lower privileged user. | 6.3 |
| 2020-04-15 | CVE-2020-4270 | Incorrect Default Permissions vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a local user to gain escalated privileges due to weak file permissions. | 7.8 |
| 2020-04-15 | CVE-2020-4269 | Use of Hard-coded Credentials vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.3.0 to 7.3.3 Patch 2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 7.5 |
| 2020-04-15 | CVE-2020-4268 | Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to cross-site scripting. | 5.4 |
| 2020-04-15 | CVE-2019-4654 | Improper Certificate Validation vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.3.0 to 7.3.3 Patch 2 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. | 4.8 |
| 2020-04-15 | CVE-2019-4594 | Cleartext Transmission of Sensitive Information vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. | 5.9 |