2 matches found
Security Bulletin: IBM QRadar Incident Forensics is vulnerable to a man in the middle attack. (CVE-2015-1999)
Summary Sensitive parameters were passed in the request query to QRadar Incident Forensics Vulnerability Details VULNERABILITY DETAILS CVE-ID: CVE-2015-1999 Description: IBM QRadar could allow an attacker to obtain sensitive information such as sessionIDs through a query of an SSL request...
CVE-2015-1999
IBM QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 exposes session IDs in HTTPS URLs, enabling an attacker to read sensitive data from web-server access logs, Referer logs, or browser history. Affected product: IBM QRadar Incident Forensics 7.2.x. Root cause: session IDs stored in URLs. Imp...