Ibm Qradar Security Information And Event Manager 7.1.2 Patch 5

CPE Details

Ibm Qradar Security Information And Event Manager 7.1.2 Patch 5
ibm
qradar_security_information_and_event_manager
7.1.2
2019-06-06
16h40 +00:00
2019-06-06
16h40 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2:p5:*:*:*:*:*:*

Informations

Vendor

ibm

Product

qradar_security_information_and_event_manager

Version

7.1.2

Update

p5

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2019-4264 2019-05-29 15h10 +00:00 IBM QRadar SIEM 7.2.8 WinCollect could allow an attacker to obtain sensitive information by spoofing a trusted entity using man in the middle techniques due to not validating or incorrectly validating a certificate. IBM X-Force ID: 160072.
5.9
Medium
CVE-2016-2868 2016-07-02 12h00 +00:00 IBM Security QRadar SIEM 7.2.x before 7.2.7 allows remote authenticated administrators to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
2.7
Low
CVE-2014-7169 2014-09-25 01h00 +00:00 GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
9.8
Critical
CVE-2014-6271 2014-09-24 18h00 +00:00 GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
9.8
Critical
CVE-2014-0835 2014-01-30 01h00 +00:00 Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify console Auto Update settings.
6.8
CVE-2014-0836 2014-01-30 01h00 +00:00 Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
4.3
CVE-2014-0837 2014-01-30 01h00 +00:00 The AutoUpdate process in IBM Security QRadar SIEM 7.2 MR1 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate.
4.3
CVE-2014-0838 2014-01-30 01h00 +00:00 The AutoUpdate package before 6.4 for IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to execute arbitrary console commands by leveraging control of the server.
7.5