479 matches found
Security Bulletin: IBM QRadar SIEM is vulnerable to information diclosures and cross-site scripting
Summary Several potential Cross-Site Scripting and Information Disclosure issues addressed in IBM QRadar SIEM 7.5.0 UP15 Vulnerability Details CVEID:CVE-2025-13995 DESCRIPTION: IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 could allow an attacker with access to one tenant to access hostna...
Security Bulletin: Investigation Assistant App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. Investigation Assistant App for IBM QRadar SIEM has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel i...
CVE-2024-56462
IBM QRadar SIEM 7.5.0 to 7.5.0 UP15 Interim Fix 002 contains a vulnerability where a privileged user can upload a malicious backup archive, which could be restored to gain access to the underlying operating system. Affected versions: 7.5.0 through UP15 IF002. Root cause and exact remediation are ...
Security Bulletin: Investigation Assistant App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. Investigation Assistant App for IBM QRadar SIEM has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2026-27628 DESCRIPTION: pypdf i...
CVE-2025-15051 IBM QRadar SIEM Cross-Site Scripting
IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...
CVE-2025-15051
IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...
CVE-2026-1276 IBM QRadar SIEM Cross-Site Scripting
IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
CVE-2026-1276 IBM QRadar SIEM Cross-Site Scripting
IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
CVE-2026-1276
IBM QRadar SIEM is vulnerable to cross-site scripting (CVE-2026-1276). The issue affects QRadar SIEM versions 7.5.0 up to 7.5.0 UP14, where an authenticated user can embed arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. The linked connec...
Security Bulletin: The Log Source Management App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. Log Source Management App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2025-57753 DESCRIPTION: vite-plugin-static-cop...
CVE-2023-50949
IBM QRadar SIEM 7.5 could allow an unauthorized user to perform unauthorized actions due to improper certificate validation. IBM X-Force ID: 275706...
CVE-2024-56464
IBM QRadar SIEM 7.5 - 7.5.0 UP14 IF01 is affected by an information disclosure vulnerability involving exposure of directory information. IBM has addressed this vulnerability in the latest update...
CVE-2024-56464
CVE-2024-56464 affects IBM QRadar SIEM versions 7.5 through 7.5.0 UP14 IF01, with an information-disclosure vulnerability exposing directory information (CWE-548). Underlying issue is directory listing exposure; CVSS v3.1 base score 2.7 (LOW), vector: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N. IBM Secu...
Security Bulletin: Multiple vulnerabilities in IBM QRadar SIEM
Summary Multiple vulnerabilities were addressed in IBM QRadar SIEM version 7.5.0 UP14 IF02 Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrit...
Security Bulletin: IBM QRadar SIEM is affected by an information disclosure vulnerability
Summary IBM QRadar SIEM is affected by an information disclosure vulnerability involving exposure of directory information. IBM has addressed this vulnerability in the latest update. Vulnerability Details CVEID:CVE-2024-56464 DESCRIPTION: IBM QRadar SIEM could allow a privileged user to enumerate...
EUVD-2025-150401
IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in configuration files in source control which can be read by an authenticated user...
CVE-2025-33119
CVE-2025-33119 affects IBM QRadar SIEM versions 7.5 through 7.5.0 UP14. The underlying issue is the improper storage of credentials in configuration files within source control, which an authenticated user can read, leading to potential credential disclosure. The CVSS base score is 6.5 (Medium) w...
CVE-2025-36007
IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to privilege escalation due to improper privilege assignment to an update script. The issue affects the App Framework privilege handling and could allow an authenticated attacker with low privileges to escalate with...
EUVD-2018-12227
Malware in sbrugna...
EUVD-2018-12308
Malware in sbrugna...