Vulnerabilities > IBM > Qradar User Behavior Analytics
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-28 | CVE-2022-36771 | Unspecified vulnerability in IBM Qradar User Behavior Analytics 1.0.0/4.1.0/4.1.1 IBM QRadar User Behavior Analytics could allow an authenticated user to obtain sensitive information from that they should not have access to. | 6.5 |
| 2021-08-02 | CVE-2021-29757 | Cross-Site Request Forgery (CSRF) vulnerability in IBM Qradar User Behavior Analytics 4.1.1 IBM QRadar User Behavior Analytics 4.1.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
| 2021-05-14 | CVE-2021-20391 | Insecure Storage of Sensitive Information vulnerability in IBM Qradar User Behavior Analytics 1.0.0/4.1.0 IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web pages to be stored locally which can be read by another user on the system. | 3.3 |
| 2021-05-14 | CVE-2021-20392 | Cross-site Scripting vulnerability in IBM Qradar User Behavior Analytics 1.0.0 IBM QRadar User Behavior Analytics 1.0.0 through 4.0.1 is vulnerable to cross-site scripting. | 6.1 |
| 2021-05-14 | CVE-2021-20393 | Information Exposure Through an Error Message vulnerability in IBM Qradar User Behavior Analytics 1.0.0/4.1.0 IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 7.5 |
| 2021-05-14 | CVE-2021-20429 | Incorrect Authorization vulnerability in IBM Qradar User Behavior Analytics 1.0.0/4.1.0 IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose sensitive information due an overly permissive cross-domain policy. | 5.3 |