Apr 14, 2020 - 3:03 p.m.

Security Bulletin: IBM QRadar SIEM is vulnerable to information exposure (CVE-2019-4594)

2020-04-14 15:03:10
www.ibm.com
EPSS: 0.002 (Low)
Percentile: 64.5%

Summary

IBM QRadar could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.

Vulnerability Details

CVEID: CVE-2019-4594
**DESCRIPTION:** IBM QRadar could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man-in-the-middle techniques.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/167810 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

· IBM QRadar 7.3.0 to 7.3.3 Patch 1

Remediation/Fixes

· QRadar / QRM / QVM / QNI 7.4.0 GA (SFS)
· QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 2 (SFS)
· QRadar / QRM / QVM / QRIF / QNI 7.3.2 Patch 7 (SFS)
· QRadar Incident Forensics 7.4.0 (ISO)
· QRadar Incident Forensics 7.4.0 (SFS)

NOTE: Administrators with QRadar Incident Forensics should be aware that a new ISO and SFS file are published to IBM Fix Central for QRadar Incident Forensics 7.4.0 versions.

Workarounds and Mitigations

None
