CVE-2014-6075

Currently unrated

Key Information:

Vendor: IBM
Status: Qradar Risk Manager
Vendor: CVE Published:; 28 November 2014

Summary

IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, place credentials in URLs, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21691211

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/95727

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Nov 28, 2014
Vulnerability Reserved
Sep 2, 2014