Mar 05, 2019 - 6:10 p.m.

Security Bulletin: IBM QRadar SIEM is vulnerable to Apache Tomcat Publicly disclosed vulnerability (CVE-2018-11784)

2019-03-05 18:10:01
www.ibm.com

CVSS3: 4.3 Medium

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: REQUIRED
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: LOW
  • Availability Impact: NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CVSS2: 4.3 Medium

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

Summary

Apache Tomcat Publicly disclosed vulnerability

Vulnerability Details

CVEID: CVE-2018-11784
**Description:** Apache Tomcat could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the default servlet. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites.
**CVSS Base Score:** 7.4
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/150860> for the current score
**CVSS Environmental Score:** Undefined
**CVSS Vector:** CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Affected Products and Versions

  • IBM QRadar SIEM 7.3.0 - 7.3.1 Patch 7

Remediation/Fixes

Workarounds and Mitigations

None

CPE

  • Name: ibm security qradar siem
  • Operator: eq
  • Version: 7.3
