Sensitive Local-Cache Information Exposure in IBM Security QRadar Incident Forensics
CVE-2015-1996

Currently unrated

Key Information:

Vendor: IBM
Status: Security Qradar Incident Forensics
Vendor: CVE Published:; 8 November 2015

What is CVE-2015-1996?

A vulnerability in IBM Security QRadar Incident Forensics, specifically versions prior to 7.2.5 Patch 5, allows attackers who have physical access to an unattended workstation to retrieve sensitive information from the local cache due to the improper handling of HTTPS response caching. This flaw presents a significant risk for environments where security is paramount and unattended access could lead to data compromise.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21970139

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 8, 2015
Vulnerability Reserved
Feb 19, 2015