Vulnerabilities > IBM > Qradar Security Information AND Event Manager > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-09 | CVE-2019-4581 | Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager 7.3.0/7.3.1/7.3.2 IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. | 4.3 |
| 2019-11-09 | CVE-2019-4509 | Incorrect Authorization vulnerability in IBM Qradar Security Information and Event Manager 7.3.0/7.3.1/7.3.2 IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to incorrect authorization in some components which could allow an authenticated user to obtain sensitive information. | 4.0 |
| 2019-09-26 | CVE-2019-4262 | Server-Side Request Forgery (SSRF) vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.2 and 7.3 is vulnerable to Server Side Request Forgery (SSRF). | 5.0 |
| 2019-07-17 | CVE-2019-4211 | Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. | 5.4 |
| 2019-07-17 | CVE-2018-2022 | Information Exposure vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.2 and 7.3 discloses sensitive information to unauthorized users. | 5.3 |
| 2019-07-17 | CVE-2018-2021 | Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. | 6.1 |
| 2019-05-29 | CVE-2019-4264 | Improper Certificate Validation vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.2.8 WinCollect could allow an attacker to obtain sensitive information by spoofing a trusted entity using man in the middle techniques due to not validating or incorrectly validating a certificate. | 5.9 |
| 2019-04-19 | CVE-2018-1729 | Information Exposure vulnerability in IBM Qradar Security Information and Event Manager 7.3.0/7.3.1/7.3.2 IBM QRadar SIEM 7.3 discloses sensitive information to unauthorized users. | 5.0 |
| 2019-02-15 | CVE-2017-1695 | Inadequate Encryption Strength vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 5.0 |
| 2019-01-29 | CVE-2018-1733 | Unspecified vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.2 and 7.3 fails to adequately filter user-controlled input data for syntax that has control-plane implications which could allow an attacker to modify displayed content. | 5.0 |