Sensitive Cookie Disclosure in IBM Security QRadar Products
CVE-2014-4832

Currently unrated

Key Information:

Vendor: IBM
Status: Qradar Risk Manager
Vendor: CVE Published:; 28 November 2014

Summary

IBM Security QRadar products, specifically QRadar SIEM and QRadar Risk Manager versions prior to MR2 Patch 9 for 7.1 and before 7.2.4 Patch 1 for 7.2, along with QRadar Vulnerability Manager before version 7.2.4 Patch 1, are susceptible to a vulnerability that allows remote attackers to sniff network traffic and access sensitive cookie information during an HTTP session. This exposure could lead to unauthorized access to user sessions and sensitive data.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21691211

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/95582

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Nov 28, 2014
Vulnerability Reserved
Jul 9, 2014