Lucene search

IbmCVE-2014-4825

HistoryOct 19, 2014 - 1:55 a.m.

CVE-2014-4825

2014-10-1901:55:14

CWE-310

ibm

web.nvd.nist.gov

ibm

security

qradar

siem

qrm

qvm

cve-2014-4825

mr1

mr2

vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.001

Percentile

39.9%

JSON

IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not properly implement secure connections, which allows man-in-the-middle attackers to discover cleartext credentials via unspecified vectors.

Affected configurations

Nvd

Node

ibmqradar_security_information_and_event_managerMatch7.1.0

ibmqradar_security_information_and_event_managerMatch7.2.0

VendorProductVersionCPE
ibmqradar_security_information_and_event_manager7.1.0cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.0:*:*:*:*:*:*:*
ibmqradar_security_information_and_event_manager7.2.0cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	qradar_security_information_and_event_manager	7.1.0	cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.0:::::::*
ibm	qradar_security_information_and_event_manager	7.2.0	cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg21686478

exchange.xforce.ibmcloud.com/vulnerabilities/95575

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.001

Percentile

39.9%

JSON

Related for CVE-2014-4825