Sensitive Information Exposure in IBM Security QRadar Incident Forensics
CVE-2015-1999

Currently unrated

Key Information:

Vendor: IBM
Status: Security Qradar Incident Forensics
Vendor: CVE Published:; 8 November 2015

Summary

The vulnerability allows remote attackers to extract sensitive information through the exposure of session IDs in HTTPS URLs due to improper handling. When accessed, these session IDs may appear in web-server access logs, Referer logs, or be retrievable from the user's browser history, potentially leading to unauthorized access or information leakage.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21968269

x_refsource_CONFIRM

Timeline

Vulnerability published
Nov 8, 2015
Vulnerability Reserved
Feb 19, 2015