Filtered by vendor Ibm
Subscriptions
Filtered by product Qradar Security Information And Event Manager
Subscriptions
Total
175 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-4787 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 2.3 Low |
| IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189224. | ||||
| CVE-2020-4786 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 4.3 Medium |
| IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189221. | ||||
| CVE-2020-4513 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 6.1 Medium |
| IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182368. | ||||
| CVE-2020-4512 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 7.2 High |
| IBM QRadar SIEM 7.3 and 7.4 could allow a remote privileged user to execute commands. | ||||
| CVE-2020-4511 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 6.5 Medium |
| IBM QRadar SIEM 7.3 and 7.4 could allow an authenticated user to cause a denial of service of the qflow process by sending a malformed sflow command. IBM X-Force ID: 182366. | ||||
| CVE-2020-4510 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 5.5 Medium |
| IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 182365. | ||||
| CVE-2020-4509 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 7.6 High |
| IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 182364. | ||||
| CVE-2020-4486 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 8.1 High |
| IBM QRadar 7.2.0 thorugh 7.2.9 could allow an authenticated user to overwrite or delete arbitrary files due to a flaw after WinCollect installation. IBM X-Force ID: 181861. | ||||
| CVE-2020-4485 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 6.5 Medium |
| IBM QRadar 7.2.0 through 7.2.9 could allow an authenticated user to disable the Wincollect service which could aid an attacker in bypassing security mechanisms in future attacks. IBM X-Force ID: 181860. | ||||
| CVE-2020-4364 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 5.4 Medium |
| IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178961. | ||||
| CVE-2020-4294 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 6.3 Medium |
| IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-ForceID: 176404. | ||||
| CVE-2020-4280 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 8.8 High |
| IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 176140. | ||||
| CVE-2020-4274 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 5.4 Medium |
| IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to access data and perform unauthorized actions due to inadequate permission checks. IBM X-ForceID: 175980. | ||||
| CVE-2020-4272 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 8.8 High |
| IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted request specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-ForceID: 175898. | ||||
| CVE-2020-4271 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 6.3 Medium |
| IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to send a specially crafted command which would be executed as a lower privileged user. IBM X-ForceID: 175897. | ||||
| CVE-2020-4270 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 7.8 High |
| IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a local user to gain escalated privileges due to weak file permissions. IBM X-ForceID: 175846. | ||||
| CVE-2020-4269 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 7.5 High |
| IBM QRadar 7.3.0 to 7.3.3 Patch 2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-ForceID: 175845. | ||||
| CVE-2020-4268 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 5.4 Medium |
| IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-ForceID: 175841. | ||||
| CVE-2020-4151 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 6.5 Medium |
| IBM QRadar SIEM 7.3.0 through 7.3.3 could allow an authenticated attacker to perform unauthorized actions due to improper input validation. IBM X-Force ID: 174201. | ||||
| CVE-2019-4654 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 4.8 Medium |
| IBM QRadar 7.3.0 to 7.3.3 Patch 2 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-ForceID: 170965. | ||||