Vulnerabilities > IBM > Qradar Security Information AND Event Manager > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-17 | CVE-2018-2021 | Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. | 6.1 |
| 2019-05-29 | CVE-2019-4264 | Improper Certificate Validation vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.2.8 WinCollect could allow an attacker to obtain sensitive information by spoofing a trusted entity using man in the middle techniques due to not validating or incorrectly validating a certificate. | 5.9 |
| 2019-04-19 | CVE-2018-1729 | Information Exposure vulnerability in IBM Qradar Security Information and Event Manager 7.3.0/7.3.1 IBM QRadar SIEM 7.3 discloses sensitive information to unauthorized users. | 5.3 |
| 2019-01-29 | CVE-2018-1733 | Unspecified vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.2 and 7.3 fails to adequately filter user-controlled input data for syntax that has control-plane implications which could allow an attacker to modify displayed content. | 5.3 |
| 2018-07-17 | CVE-2018-1612 | Information Exposure vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar Incident Forensics (IBM QRadar SIEM 7.2, and 7.3) could allow a remote attacker to bypass authentication and obtain sensitive information. | 5.8 |
| 2018-04-26 | CVE-2017-1724 | Cross-site Scripting vulnerability in IBM products IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. | 6.1 |
| 2018-04-26 | CVE-2017-1723 | Path Traversal vulnerability in IBM Qradar Security Information and Event Manager IBM Security QRadar SIEM 7.2 and 7.3 could allow a remote attacker to traverse directories on the system. | 6.5 |
| 2018-04-26 | CVE-2017-1722 | SQL Injection vulnerability in IBM Qradar Security Information and Event Manager IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to SQL injection. | 6.3 |
| 2018-04-26 | CVE-2017-1721 | Code Injection vulnerability in IBM Qradar Security Information and Event Manager IBM Security QRadar SIEM 7.2 and 7.3 could allow an unauthenticated user to execute code remotely with lower level privileges under unusual circumstances. | 5.6 |
| 2018-04-04 | CVE-2017-1624 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Qradar Security Information and Event Manager 7.3.0/7.3.1 IBM QRadar 7.3 and 7.3.1 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. | 5.4 |