Cross site scripting

2022-05-1116:15:00

PRIOn knowledge base

www.prio-n.com

4.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.8%

JSON

IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 218367.

CPENameOperatorVersion
qradar_security_information_and_event_managereq7.3.3
qradar_security_information_and_event_managereq7.3.3 fixpack1
qradar_security_information_and_event_managereq7.3.3 fixpack2
qradar_security_information_and_event_managereq7.3.3 fixpack3
qradar_security_information_and_event_managereq7.3.3 fixpack4
qradar_security_information_and_event_managereq7.3.3 fixpack5
qradar_security_information_and_event_managereq7.3.3 fixpack6
qradar_security_information_and_event_managereq7.3.3 fixpack7
qradar_security_information_and_event_managereq7.4.3 fixpack1
qradar_security_information_and_event_managereq7.4.3 fixpack2

Name	Operator	Version
qradar_security_information_and_event_manager	eq	7.3.3
qradar_security_information_and_event_manager	eq	7.3.3 fixpack1
qradar_security_information_and_event_manager	eq	7.3.3 fixpack2
qradar_security_information_and_event_manager	eq	7.3.3 fixpack3
qradar_security_information_and_event_manager	eq	7.3.3 fixpack4
qradar_security_information_and_event_manager	eq	7.3.3 fixpack5
qradar_security_information_and_event_manager	eq	7.3.3 fixpack6
qradar_security_information_and_event_manager	eq	7.3.3 fixpack7
qradar_security_information_and_event_manager	eq	7.4.3 fixpack1
qradar_security_information_and_event_manager	eq	7.4.3 fixpack2