IBM QRadar SIEM could allow users to embed code in the UI that may lead to Cross-Site Scripting.
CVEID: CVE-2018-2021
**Description:**IBM QRadar is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
**CVSS Base Score:**6.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/155345> for the current score
**CVSS Environmental Score:***Undefined
**CVSS Vector:**CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
ยท IBM QRadar 7.3 to 7.3.2 GA
ยท IBM QRadar 7.2 to 7.2.8 Patch 15
IBM QRadar/QRM/QVM/QRIF/QNI 7.3.2 Patch 1
IBM QRadar/QRM/QVM/QRIF/QNI 7.3.1 Patch 8
IBM QRadar/QRM/QVM/QRIF/QNI 7.2.8 Patch 16
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm security qradar siem | eq | 7.2 | |
ibm security qradar siem | eq | 7.3 |