157 matches found
Mozilla Says Google's New Ad Tech—FLoC—Doesn't Protect User Privacy
Google's upcoming plans to replace third-party cookies with a less invasive ad targeted mechanism have a number of issues that could defeat its privacy objectives and allow for significant linkability of user behavior, possibly even identifying individual users. "FLoC is premised on a compelling...
IBM QRadar User Behavior Analytics Information Disclosure Vulnerability
IBM QRadar SIEM is an IBM USA solution that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user activity, and more. An information...
CVE-2021-20392
IBM QRadar User Behavior Analytics 1.0.0 through 4.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2021-20429
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose sensitive information due an overly permissive cross-domain policy. IBM X-Force ID: 196334...
CVE-2021-20393
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196001...
CVE-2021-20392
IBM QRadar User Behavior Analytics 1.0.0 through 4.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2021-20391
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 195999...
CVE-2021-20391
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 195999...
CVE-2021-20429
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose sensitive information due an overly permissive cross-domain policy. IBM X-Force ID: 196334...
Information disclosure
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196001...
Cross site scripting
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose sensitive information due an overly permissive cross-domain policy. IBM X-Force ID: 196334...
Cross site scripting
IBM QRadar User Behavior Analytics 1.0.0 through 4.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
Code injection
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 195999...
CVE-2021-20429
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose sensitive information due an overly permissive cross-domain policy. IBM X-Force ID: 196334...
CVE-2021-20429
CVE-2021-20429 affects IBM QRadar User Behavior Analytics add-on for QRadar SIEM (versions 1.0.0–4.1.0). The root cause is an overly permissive cross-domain policy (CORS) that can disclose sensitive information. IBM’s bulletin cites CVSSv3.0 base score 3.7 and recommends upgrading to version 4.1....
CVE-2021-20393
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196001...
CVE-2021-20393
CVE-2021-20393 affects IBM QRadar User Behavior Analytics (UBA) add-on for QRadar SIEM, versions 1.0.0–4.1.0 . The underlying issue is an information disclosure vulnerability where a detailed technical error message returned in the browser can reveal sensitive data, potentially enabling further a...
CVE-2021-20392
IBM QRadar User Behavior Analytics 1.0.0 through 4.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2021-20391
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 195999...
CVE-2021-20392
CVE-2021-20392 affects IBM QRadar User Behavior Analytics (the add-on to QRadar SIEM) versions 1.0.0–4.0.1. The vulnerability is a cross-site scripting flaw in the Web UI caused by insufficient validation of client data, enabling attackers to inject arbitrary JavaScript into the UI and potentiall...