Jan 24, 2019 - 12:55 p.m.

SECURITY BULLETIN: IBM QRadar SIEM is vulnerable to Content Spoofing (CVE-2018-1733)

2019-01-24 12:55:01
www.ibm.com

EPSS: 0.001 (Percentile: 48.6%)

Summary

The software fails to adequately filter user-controlled input data for syntax that has control-plane implications. Software makes certain assumptions about what constitutes data and what constitutes control. When these assumptions are not verified for user-controlled input, injection problems result. In this case, the page could be modified to include a misleading message to the victim, which could subject them to further compromise.

Vulnerability Details

**CVEID:** CVE-2018-1733
**Description:** IBM QRadar fails to adequately filter user-controlled input data for syntax that has control-plane implications which could allow an attacker to modify displayed content.
**CVSS Base Score:** 5.3
**CVSS Temporal Score:** For the current score, see <https://exchange.xforce.ibmcloud.com/vulnerabilities/147811>
**CVSS Environmental Score:** Undefined
**CVSS Vector:** CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products and Versions

  • IBM QRadar SIEM Version 7.2 to 7.2.8 Patch 13
  • IBM QRadar SIEM Version 7.3 to 7.3.1 Patch 6

Remediation/Fixes

Workarounds and Mitigations

None
