Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM03A2D04F2A23583EA8804D22D80BE5D104B6614ED1819FDDED1999B429443CAC
HistoryJun 16, 2018 - 9:31 p.m.

Security Bulletin: IBM QRadar Vulnerability Manager is vulnerable to a Cross-Site Request Forgery. (CVE-2015-1997)

2018-06-1621:31:54
www.ibm.com
11

EPSS

0.002

Percentile

52.4%

JSON

Summary

Cross-Site Request Forgery found in QRadar Vulnerability Manager

Vulnerability Details

CVE-ID: CVE-2015-1997

Description: IBM QRadar Vulnerability Manager is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.

CVSS Base Score: 4.3 **CVSS Temporal Score:**See https://exchange.xforce.ibmcloud.com/vulnerabilities/103907 for the current score **CVSS Environmental Score:***Undefined CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Affected Products and Versions

ยท IBM QRadar QVM 7.2.n

Remediation/Fixes

ยท IBM QRadar/QRM/QVM/QRIF 7.2.5 Patch 5

Workarounds and Mitigations

None

Related

nvd 1
cvelist 1
prion 1
cve 1
nvd
nvd
CVE-2015-1997
2015-11-08 22:59:06
cvelist
cvelist
CVE-2015-1997
2015-11-08 22:00:00
prion
prion
Cross site request forgery (csrf)
2015-11-08 22:59:00
cve
cve
CVE-2015-1997
2015-11-08 22:59:06

EPSS

0.002

Percentile

52.4%

JSON
Related for 03A2D04F2A23583EA8804D22D80BE5D104B6614ED1819FDDED1999B429443CAC
nvd1cvelist1prion1cve1