7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
7 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
10.4%
The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. Log Source Management App for IBM QRadar SIEM has addressed the applicable CVEs in an update.
CVEID:CVE-2024-28849
**DESCRIPTION:**Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by the leakage of credentials when clearing authorization header during cross-domain redirect, but keeping the proxy-authentication header. An attacker could exploit this vulnerability to obtain credentials and other sensitive information.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/285690 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
CVEID:CVE-2024-29041
**DESCRIPTION:**Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially crafted URL to redirect a victim to arbitrary Web sites.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286404 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVEID:CVE-2024-29180
**DESCRIPTION:**webpack webpack-dev-middleware could allow a remote attacker to traverse directories on the system, caused by improper validation of user request. An attacker could send a specially crafted URL request containing “dot dot” sequences (/…/) to view arbitrary files on the system.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/286153 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
QRadar Log Source Management App | 1.0.0 - 7.0.8 |
IBM encourages customers to update their systems promptly.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm security qradar siem | eq | 7.0.9 |
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
7 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
10.4%