History: Jun 16, 2018 - 10:06 p.m.

Security Bulletin: IBM QRadar SIEM is vulnerable to cross-site scripting. (CVE-2017-1724)

2018-06-16 22:06:30
www.ibm.com

EPSS

0.001

Percentile

30.7%

Summary

The product allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and allowing spoofing attacks.

Vulnerability Details

CVEID: CVE-2017-1724
DESCRIPTION: IBM QRadar is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 5.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134814> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

QRadar / QRM / QVM / QRIF / QNI 7.3.0 - 7.3.1 Patch 2

QRadar / QRM / QVM / QRIF / QNI 7.2.0 to 7.2.8 Patch 11

Remediation/Fixes

QRadar / QRM / QVM / QRIF / QNI 7.3.1 Patch 3

QRadar / QRM / QVM / QRIF / QNI 7.2.8 Patch 12

Workarounds and Mitigations

None
