44 matches found
Security Bulletin: Spring Framework as used by IBM QRadar SIEM is vulnerable to improper input validation (CVE-2020-5421)
Summary Spring Framework as used by IBM QRadar SIEM is vulnerable to improper input validation Vulnerability Details CVEID: CVE-2020-5421 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to bypass security restrictions, caused by improper input validation. By using a...
CVE-2019-20768
ServiceNow IT Service Management Kingston through Patch 14-1, London through Patch 7, and Madrid before patch 4 allow stored XSS via crafted sysparmitemguid and sysid parameters in an Incident Request to servicecatalog.do...
Security Bulletin: IBM QRadar SIEM is vulnerable to improper input validation (CVE-2020-4151)
Summary IBM QRadar SIEM is vulnerable to improper input validation, allowing an authenticated attacker to perform unauthorized actions Vulnerability Details CVEID: CVE-2020-4151 DESCRIPTION: IBM QRadar could allow an authenticated attacker to perform unauthorized actions due to improper input...
Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities (CVE-2017-3164)
Summary IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities Vulnerability Details CVEID: CVE-2017-3164 DESCRIPTION: Apache Solr is vulnerable to server-side request forgery, caused by not having corresponding allowlist mechanism in the shards parameter. By using a...
Security Bulletin: IBM QRadar SIEM is vulnerable to information exposure (CVE-2019-4593)
Summary IBM QRadar SIEM is vulnerable to information exposure Vulnerability Details CVEID: CVE-2019-4593 DESCRIPTION: IBM QRadar generates an error message that includes sensitive information that could be used in further attacks against the system. CVSS Base score: 4.3 CVSS Temporal Score: See:...
Security Bulletin: IBM QRadar SIEM is vulnerable to Server-Side Request Forgery (SSRF) (CVE-2020-4294)
Summary IBM QRadar SIEM is vulnerable to Server-Side Request Forgery (SSRF) Vulnerability Details CVEID: CVE-2020-4294 DESCRIPTION: IBM QRadar SIEM is vulnerable to Server Side Request Forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially...
Security Bulletin: IBM QRadar SIEM is vulnerable to PHP object injection (CVE-2020-4271)
Summary IBM QRadar SIEM is vulnerable to PHP object injection Vulnerability Details CVEID: CVE-2020-4271 DESCRIPTION: IBM QRadar could allow an authenticated user to send a specially crafted command which would be executed as a lower privileged user. CVSS Base score: 6.3 CVSS Temporal Score: See:...
Security Bulletin: IBM QRadar SIEM is vulnerable to instantiation of arbitrary objects (CVE-2020-4272)
Summary IBM QRadar SIEM is vulnerable to instantiation of arbitrary objects based on user-supplied input. Vulnerability Details CVEID: CVE-2020-4272 DESCRIPTION: IBM QRadar could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted...
CVE-2005-2351
Mutt before 1.5.20 patch 7 allows an attacker to cause a denial of service via a series of requests to mutt temporary files...
Zimbra Web Client (ZWC) Cross-Site Scripting Vulnerability
Zimbra Collaboration Suite (ZCS) is an open source collaboration suite from the American company Zimbra. The product includes WebMail, Calendar, Address Book, etc. Zimbra Web Client (ZWC) is one of the e-mail client programs. A cross-site scripting vulnerability exists in the briefcase component of ZW...
CVE-2018-14425
There is a Persistent XSS vulnerability in the briefcase component of Synacor Zimbra Collaboration Suite ZCS Zimbra Web Client ZWC 8.8.8 before 8.8.8 Patch 7 and 8.8.9 before 8.8.9 Patch 1...
SQL injection
An issue was discovered in OpenEMR before 5.0.1 Patch 7. SQL Injection exists in the SaveAudit function in /portal/lib/paylib.php and the portalAudit function in /portal/lib/appsql.class.php...
Security Bulletin: IBM QRadar SIEM is vulnerable to Cross-Site Scripting (CVE-2018-1728)
Summary The product allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality and allowing spoofing attacks. Vulnerability Details CVEID: CVE-2018-1728 Description: IBM QRadar is vulnerable to cross-site scripting. This vulnerability allows users to...
Security Bulletin: The Application framework within IBM QRadar SIEM is vulnerable to Improper Certificate Validation (CVE-2017-1622)
Summary The software does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be...
Security Bulletin: IBM QRadar SIEM has weak password requirements. (CVE-2016-9738)
Summary The product does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. Vulnerability Details CVEID: CVE-2016-9738 DESCRIPTION: IBM QRadar does not require that users should have strong passwords by default, which...
CVE-2016-8007
Authentication bypass vulnerability in McAfee Host Intrusion Prevention Services HIPS 8.0 Patch 7 and earlier allows authenticated users to manipulate the product's registry keys via specific conditions...
Design/Logic Flaw
Unspecified vulnerability in Zimbra Collaboration before 8.6.0 Patch 7 allows remote authenticated users to affect availability via unknown vectors, aka bug 102029...
CVE-2016-3414
Unspecified vulnerability in Zimbra Collaboration before 8.6.0 Patch 7 allows remote authenticated users to affect availability via unknown vectors, aka bug 102029...
McAfee VirusScan Enterprise < 8.8 Patch 7 Protected Resource Access Bypass (SB10151)
The version of McAfee VirusScan Enterprise VSE installed on the remote Windows host is prior to 8.8 Patch 7. It is, therefore, affected by a flaw in its self-protection mechanism when applying rules to access settings, which are used to determine what applications and associated actions can be...
CVE-2015-2115
Unspecified vulnerability in HP Capture and Route Software HPCR 1.3 before Patch 7, 1.3 FP1 before Patch 1, and 1.4 before Patch 1 allows remote authenticated users to obtain sensitive information via unknown vectors...