Lucene search

[email protected]CVE-2017-1133

HistoryMar 07, 2017 - 5:59 p.m.

CVE-2017-1133

2017-03-0717:59:00

CWE-79

[email protected]

web.nvd.nist.gov

ibm

qradar

7.2

xss

vulnerability

javascript

code

execution

nvd

cve-2017-1133

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.2%

JSON

IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999534.

Affected configurations

Vulners

NVD

Node

ibm_corporationqradar_security_information_and_event_managerMatch7.1

ibm_corporationqradar_security_information_and_event_managerMatch7.0

ibm_corporationqradar_security_information_and_event_managerMatch7.2

ibm_corporationqradar_security_information_and_event_managerMatch7.1

ibm_corporationqradar_security_information_and_event_managerMatch7

ibm_corporationqradar_security_information_and_event_managerMatch7.2.3

CPENameOperatorVersion
ibm:qradar_incident_forensicsibm qradar incident forensicseq7.2.0
ibm:qradar_incident_forensicsibm qradar incident forensicseq7.2.1
ibm:qradar_incident_forensicsibm qradar incident forensicseq7.2.2
ibm:qradar_incident_forensicsibm qradar incident forensicseq7.2.3
ibm:qradar_incident_forensicsibm qradar incident forensicseq7.2.4
ibm:qradar_incident_forensicsibm qradar incident forensicseq7.2.5
ibm:qradar_incident_forensicsibm qradar incident forensicseq7.2.6
ibm:qradar_incident_forensicsibm qradar incident forensicseq7.2.7
ibm:qradar_incident_forensicsibm qradar incident forensicseq7.2.8
ibm:qradar_security_information_and_event_manageribm qradar security information and event managereq7.2.0

CPE	Name	Operator	Version
ibm:qradar_incident_forensics	ibm qradar incident forensics	eq	7.2.0
ibm:qradar_incident_forensics	ibm qradar incident forensics	eq	7.2.1
ibm:qradar_incident_forensics	ibm qradar incident forensics	eq	7.2.2
ibm:qradar_incident_forensics	ibm qradar incident forensics	eq	7.2.3
ibm:qradar_incident_forensics	ibm qradar incident forensics	eq	7.2.4
ibm:qradar_incident_forensics	ibm qradar incident forensics	eq	7.2.5
ibm:qradar_incident_forensics	ibm qradar incident forensics	eq	7.2.6
ibm:qradar_incident_forensics	ibm qradar incident forensics	eq	7.2.7
ibm:qradar_incident_forensics	ibm qradar incident forensics	eq	7.2.8
ibm:qradar_security_information_and_event_manager	ibm qradar security information and event manager	eq	7.2.0

Rows per page:

1-10 of 181

CNA Affected

[
  {
    "product": "QRadar SIEM",
    "vendor": "IBM Corporation",
    "versions": [
      {
        "status": "affected",
        "version": "7.1 MR1"
      },
      {
        "status": "affected",
        "version": "7.1"
      },
      {
        "status": "affected",
        "version": "7.0"
      },
      {
        "status": "affected",
        "version": "7.2"
      },
      {
        "status": "affected",
        "version": "7.1 MR2"
      },
      {
        "status": "affected",
        "version": "7"
      },
      {
        "status": "affected",
        "version": "7.2.3"
      }
    ]
  }
]

References

www.ibm.com/support/docview.wss?uid=swg21999534

www.securityfocus.com/bid/97239

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.2%

JSON

Related for CVE-2017-1133

prion1 nvd1 cvelist1 ibm2