IBM QRadar SIEM and Incident Forensics allow web requests for sensitive operations to be stored in 3rd party websites which can lead to unauthorized alterations of the product and user data.
CVEID: CVE-2016-9730**
DESCRIPTION:** IBM QRadar Incident Forensics is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119759> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
ā¢ IBM QRadar SIEM 7.2.n
ā¢ IBM QRadar Incident Forensics 7.2.n
ā¢ IBM QRadar/QRM/QVM/QRIF 7.2.8 Patch 4
None