Jun 16, 2018 - 9:44 p.m.

Security Bulletin: IBM QRadar SIEM is vulnerable to Cross Site Request Forgery. (CVE-2016-2878)

2018-06-16 21:44:56
www.ibm.com

EPSS: 0.001 (Percentile: 32.6%)

Summary

Instances of Cross-Site Request Forgery have been found in IBM QRadar SIEM.

Vulnerability Details

**CVE-ID:** CVE-2016-2878
**Description:** IBM QRadar is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
**CVSS Base Score:** 4.3
**CVSS Temporal Score:** See https://exchange.xforce.ibmcloud.com/vulnerabilities/112851 for the current score
**CVSS Environmental Score:** Undefined*
**CVSS Vector:** CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Affected Products and Versions

· IBM QRadar 7.2.n

· IBM QRadar 7.1.n

Remediation/Fixes

· QRadar / QRM / QVM / QRIF 7.2.7

· IBM QRadar SIEM 7.1 MR2 Patch 13

Workarounds and Mitigations

None
