Lucene search

IbmCVE-2015-1997

HistoryNov 08, 2015 - 10:59 p.m.

CVE-2015-1997

2015-11-0822:59:06

CWE-352

ibm

web.nvd.nist.gov

ibm

security

qradar

vulnerability manager

csrf

vulnerability

remote attack

authentication

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.6

Confidence

High

EPSS

0.002

Percentile

52.4%

JSON

Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar Vulnerability Manager 7.2.x before 7.2.5 Patch 5 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Affected configurations

Nvd

Node

ibmsecurity_qradar_incident_forensicsMatch7.2.0

ibmsecurity_qradar_incident_forensicsMatch7.2.1

ibmsecurity_qradar_incident_forensicsMatch7.2.2

ibmsecurity_qradar_incident_forensicsMatch7.2.3

ibmsecurity_qradar_incident_forensicsMatch7.2.4

ibmsecurity_qradar_incident_forensicsMatch7.2.5

VendorProductVersionCPE
ibmsecurity_qradar_incident_forensics7.2.0cpe:2.3:a:ibm:security_qradar_incident_forensics:7.2.0:*:*:*:*:*:*:*
ibmsecurity_qradar_incident_forensics7.2.1cpe:2.3:a:ibm:security_qradar_incident_forensics:7.2.1:*:*:*:*:*:*:*
ibmsecurity_qradar_incident_forensics7.2.2cpe:2.3:a:ibm:security_qradar_incident_forensics:7.2.2:*:*:*:*:*:*:*
ibmsecurity_qradar_incident_forensics7.2.3cpe:2.3:a:ibm:security_qradar_incident_forensics:7.2.3:*:*:*:*:*:*:*
ibmsecurity_qradar_incident_forensics7.2.4cpe:2.3:a:ibm:security_qradar_incident_forensics:7.2.4:*:*:*:*:*:*:*
ibmsecurity_qradar_incident_forensics7.2.5cpe:2.3:a:ibm:security_qradar_incident_forensics:7.2.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	security_qradar_incident_forensics	7.2.0	cpe:2.3:a:ibm:security_qradar_incident_forensics:7.2.0:::::::*
ibm	security_qradar_incident_forensics	7.2.1	cpe:2.3:a:ibm:security_qradar_incident_forensics:7.2.1:::::::*
ibm	security_qradar_incident_forensics	7.2.2	cpe:2.3:a:ibm:security_qradar_incident_forensics:7.2.2:::::::*
ibm	security_qradar_incident_forensics	7.2.3	cpe:2.3:a:ibm:security_qradar_incident_forensics:7.2.3:::::::*
ibm	security_qradar_incident_forensics	7.2.4	cpe:2.3:a:ibm:security_qradar_incident_forensics:7.2.4:::::::*
ibm	security_qradar_incident_forensics	7.2.5	cpe:2.3:a:ibm:security_qradar_incident_forensics:7.2.5:::::::*

References

www-01.ibm.com/support/docview.wss?uid=swg21970140

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.6

Confidence

High

EPSS

0.002

Percentile

52.4%

JSON

Related for CVE-2015-1997