Lucene search
IBM4C098F361630D7B1B1479418742344616055F5D6CA18E8D7BC2B4DF5527FD700HistoryJun 16, 2018 - 9:31 p.m.
Security Bulletin: IBM QRadar Incident Forensics is vulnerable to a man in the middle attack. (CVE-2015-1999)
2018-06-1621:31:11
www.ibm.com
6
0.002 Low
EPSS
Percentile
54.9%
Summary
Sensitive parameters were passed in the request query to QRadar Incident Forensics
Vulnerability Details
VULNERABILITY DETAILS
CVE-ID:CVE-2015-1999
Description: IBM QRadar could allow an attacker to obtain sensitive information such as sessionIDs through a query of an SSL request parameter. A remote attacker could obtain this information through man in the middle techniques.
**CVSS Base Score:**4.3 **CVSS Temporal Score: **See https://exchange.xforce.ibmcloud.com/vulnerabilities/103910 for the current score **CVSS Environmental Score:***Undefined **CVSS Vector:**AV:N/AC:M/Au:N/C:P/I:N/A:N
Affected Products and Versions
ยท IBM QRadar Incident Forensics 7.2.n
Remediation/Fixes
ยท IBM QRadar/QRM/QVM/QRIF 7.2.5 Patch 5
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm security qradar incident forensics | eq | 7.2.2 |
Related
cvelist
cvelist
CVE-2015-1999
2015-11-08 22:00:00
prion
prion
Design/Logic Flaw
2015-11-08 22:59:00
cve
cve
CVE-2015-1999
2015-11-08 22:59:07
nvd
nvd
CVE-2015-1999
2015-11-08 22:59:07
0.002 Low
EPSS
Percentile
54.9%
Related for 4C098F361630D7B1B1479418742344616055F5D6CA18E8D7BC2B4DF5527FD700