Source: China National Vulnerability Database (cnvd), CNVD-2024-01173
History: Nov 14, 2023 - 12:00 a.m.

IBM QRadar SIEM Cross-Site Scripting Vulnerability (CNVD-2024-01173)

2023-11-14 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
Tags: ibm qradar siem, security oversight, cross-site scripting, vulnerability, user activity, web ui, disclosure of credentials

AI Score: 6.2 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 13.2%)

IBM QRadar SIEM is a solution from International Business Machines (IBM) that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. A cross-site scripting vulnerability exists in IBM QRadar SIEM versions prior to 7.5.0 that stems from the application’s lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to embed arbitrary JavaScript code in the Web UI to change the intended functionality, resulting in the disclosure of credentials during a trusted session.

CPE | Name | Operator | Version
ibm | ibm qradar siem | lt | 7.5.0
