IBM QRadar Network Security has addressed potential issues of Cross-Site Scripting
CVEID: CVE-2017-1457**
DESCRIPTION:** IBM QRadar Network Security is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base Score: 6.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/128376> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
IBM QRadar Network Security 5.4
Product
| VRMF| Remediation/First Fix
—|—|—
IBM QRadar Network Security| Firmware version 5.4| Install Firmware 5.4.0.2 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector.
Or
Download Firmware 5.4.0.2 from IBM Security License Key and Download Center and upload and install via the Available Updates page of the Local Management Interface.
None