Jun 16, 2018 - 10:06 p.m.

Security Bulletin: IBM QRadar SIEM contains vulnerable components and libraries. (CVE-2014-1211)

2018-06-16 22:06:31
www.ibm.com

EPSS

0.002

Percentile

55.9%

Summary

The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools.

Vulnerability Details

CVEID: CVE-2014-1211
DESCRIPTION: VMware vCloud Director is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input by the Hyper Text Transfer Protocol (HTTP) session management. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVSS Base Score: 4.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/90560> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Affected Products and Versions

QRadar / QRM / QVM / QRIF / QNI 7.3.0 to 7.3.1 Patch 2

QRadar / QRM / QVM / QRIF / QNI 7.2.0 to 7.2.8 Patch 11

7.3.0-QRADAR-PROTOCOL-VMwarevCloudProtocol-7.3-20161117150303

7.2.0-QRADAR-PROTOCOL-VMwarevCloud-7.2-606255

Remediation/Fixes

PROTOCOL-VMwarevCloudProtocol-7.3-20180412195452
PROTOCOL-VMwarevCloud-7.2-20180412155342

Workarounds and Mitigations

None
