Cross site scripting

2023-11-1116:15:00

PRIOn knowledge base

www.prio-n.com

ibm

qradar siem

7.5.0

cross-site scripting

vulnerability

javascript

web ui

credentials disclosure

trusted session

ibm x-force

nvd

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.2%

JSON

IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 267484.

CPENameOperatorVersion
qradar_security_information_and_event_managereq7.5.0
qradar_security_information_and_event_managereq7.5.0 updatepack1
qradar_security_information_and_event_managereq7.5.0 updatepack2
qradar_security_information_and_event_managereq7.5.0 updatepack3
qradar_security_information_and_event_managereq7.5.0 updatepack4
qradar_security_information_and_event_managereq7.5.0 updatepack5
qradar_security_information_and_event_managereq7.5.0 updatepack6
qradar_security_information_and_event_managereq7.5.0 updatepack7

Name	Operator	Version
qradar_security_information_and_event_manager	eq	7.5.0
qradar_security_information_and_event_manager	eq	7.5.0 updatepack1
qradar_security_information_and_event_manager	eq	7.5.0 updatepack2
qradar_security_information_and_event_manager	eq	7.5.0 updatepack3
qradar_security_information_and_event_manager	eq	7.5.0 updatepack4
qradar_security_information_and_event_manager	eq	7.5.0 updatepack5
qradar_security_information_and_event_manager	eq	7.5.0 updatepack6
qradar_security_information_and_event_manager	eq	7.5.0 updatepack7