80 matches found
CVE-2021-29757
IBM QRadar User Behavior Analytics 4.1.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202168...
IBM QRadar User Behavior Analytics Cross-Site Request Forgery Vulnerability
IBM QRadar User Behavior Analytics UBA is a user behavior analysis software from IBM, USA. User activity can be analyzed to detect suspicious insiders and determine if user credentials have been stolen. Security analysts can easily view at-risk users, examine their anomalous activity, and drill...
Security Bulletin: User Behavior Analytics application add on to IBM QRadar SIEM performs improper CSRF checking for some components ( CVE-2021-29757)
Summary User Behavior Analytics application add on to IBM QRadar SIEM performs improper CSRF checking for some components. Vulnerability Details CVEID: CVE-2021-29757 DESCRIPTION: IBM QRadar User Behavior Analytics is vulnerable to cross-site request forgery which could allow an attacker to execu...
[Whitepaper] XDR vs. NDR/NTA – What do Organizations Truly Need to Stay Safe?
Security teams whose organizations are outside the Fortune 500 are faced with a dilemma. Most teams will have to choose between deploying either a network traffic analysis NTA or network detection and response NDR tool or an endpoint detection and response EDR tool to supplement their existing...
IBM QRadar User Behavior Analytics Information Disclosure Vulnerability
IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. An information...
CVE-2021-20429
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose sensitive information due an overly permissive cross-domain policy. IBM X-Force ID: 196334...
CVE-2021-20391
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 195999...
CVE-2021-20392
IBM QRadar User Behavior Analytics 1.0.0 through 4.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2021-20393
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196001...
CVE-2021-20392
IBM QRadar User Behavior Analytics 1.0.0 through 4.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2021-20391
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 195999...
CVE-2021-20429
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose sensitive information due an overly permissive cross-domain policy. IBM X-Force ID: 196334...
Cross site scripting
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose sensitive information due an overly permissive cross-domain policy. IBM X-Force ID: 196334...
Information disclosure
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196001...
Code injection
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 195999...
Cross site scripting
IBM QRadar User Behavior Analytics 1.0.0 through 4.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2021-20429
CVE-2021-20429 affects IBM QRadar User Behavior Analytics add-on for QRadar SIEM (versions 1.0.0–4.1.0). The root cause is an overly permissive cross-domain policy (CORS) that can disclose sensitive information. IBM’s bulletin cites CVSSv3.0 base score 3.7 and recommends upgrading to version 4.1....
CVE-2021-20429
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose sensitive information due an overly permissive cross-domain policy. IBM X-Force ID: 196334...
CVE-2021-20393
CVE-2021-20393 affects IBM QRadar User Behavior Analytics (UBA) add-on for QRadar SIEM, versions 1.0.0–4.1.0 . The underlying issue is an information disclosure vulnerability where a detailed technical error message returned in the browser can reveal sensitive data, potentially enabling further a...
CVE-2021-20393
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196001...