Cross site scripting

2023-10-1417:15:00

PRIOn knowledge base

www.prio-n.com

ibm

qradar

siem

cross site scripting

vulnerability

javascript

web ui

credentials disclosure

trusted session

x-force

nvd

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.2%

JSON

IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 263376.

CPENameOperatorVersion
qradar_security_information_and_event_managereq7.5.0
qradar_security_information_and_event_managereq7.5.0 updatepack1
qradar_security_information_and_event_managereq7.5.0 updatepack2
qradar_security_information_and_event_managereq7.5.0 updatepack3
qradar_security_information_and_event_managereq7.5.0 updatepack4
qradar_security_information_and_event_managereq7.5.0 updatepack5
qradar_security_information_and_event_managereq7.5.0 updatepack6

Name	Operator	Version
qradar_security_information_and_event_manager	eq	7.5.0
qradar_security_information_and_event_manager	eq	7.5.0 updatepack1
qradar_security_information_and_event_manager	eq	7.5.0 updatepack2
qradar_security_information_and_event_manager	eq	7.5.0 updatepack3
qradar_security_information_and_event_manager	eq	7.5.0 updatepack4
qradar_security_information_and_event_manager	eq	7.5.0 updatepack5
qradar_security_information_and_event_manager	eq	7.5.0 updatepack6