Lucene search

IbmCVE-2015-1996

HistoryNov 08, 2015 - 10:59 p.m.

CVE-2015-1996

2015-11-0822:59:05

CWE-200

ibm

web.nvd.nist.gov

ibm

security

qradar

incident forensics

patch

vulnerability

https

cache

attack

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

Confidence

Low

EPSS

Percentile

12.6%

JSON

IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not prevent caching of HTTPS responses, which allows physically proximate attackers to obtain sensitive local-cache information by leveraging an unattended workstation.

Affected configurations

Nvd

Node

ibmsecurity_qradar_incident_forensicsMatch7.2.0

ibmsecurity_qradar_incident_forensicsMatch7.2.1

ibmsecurity_qradar_incident_forensicsMatch7.2.2

ibmsecurity_qradar_incident_forensicsMatch7.2.3

ibmsecurity_qradar_incident_forensicsMatch7.2.4

ibmsecurity_qradar_incident_forensicsMatch7.2.5

VendorProductVersionCPE
ibmsecurity_qradar_incident_forensics7.2.0cpe:2.3:a:ibm:security_qradar_incident_forensics:7.2.0:*:*:*:*:*:*:*
ibmsecurity_qradar_incident_forensics7.2.1cpe:2.3:a:ibm:security_qradar_incident_forensics:7.2.1:*:*:*:*:*:*:*
ibmsecurity_qradar_incident_forensics7.2.2cpe:2.3:a:ibm:security_qradar_incident_forensics:7.2.2:*:*:*:*:*:*:*
ibmsecurity_qradar_incident_forensics7.2.3cpe:2.3:a:ibm:security_qradar_incident_forensics:7.2.3:*:*:*:*:*:*:*
ibmsecurity_qradar_incident_forensics7.2.4cpe:2.3:a:ibm:security_qradar_incident_forensics:7.2.4:*:*:*:*:*:*:*
ibmsecurity_qradar_incident_forensics7.2.5cpe:2.3:a:ibm:security_qradar_incident_forensics:7.2.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	security_qradar_incident_forensics	7.2.0	cpe:2.3:a:ibm:security_qradar_incident_forensics:7.2.0:::::::*
ibm	security_qradar_incident_forensics	7.2.1	cpe:2.3:a:ibm:security_qradar_incident_forensics:7.2.1:::::::*
ibm	security_qradar_incident_forensics	7.2.2	cpe:2.3:a:ibm:security_qradar_incident_forensics:7.2.2:::::::*
ibm	security_qradar_incident_forensics	7.2.3	cpe:2.3:a:ibm:security_qradar_incident_forensics:7.2.3:::::::*
ibm	security_qradar_incident_forensics	7.2.4	cpe:2.3:a:ibm:security_qradar_incident_forensics:7.2.4:::::::*
ibm	security_qradar_incident_forensics	7.2.5	cpe:2.3:a:ibm:security_qradar_incident_forensics:7.2.5:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg21970139

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

AI Score

Confidence

Low

EPSS

Percentile

12.6%

JSON

Related for CVE-2015-1996