Cross-Site Scripting Vulnerability in IBM QRadar 7.2 and 7.3
CVE-2017-1234

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Security Qradar Siem
Vendor: CVE Published:; 27 June 2017

🔔 Create IBM Vulnerability Alert

What is CVE-2017-1234?

IBM QRadar versions 7.2 and 7.3 exhibit a cross-site scripting vulnerability that permits attackers to inject malicious JavaScript into the Web UI. This flaw can compromise session data and potentially allow unauthorized disclosure of user credentials due to the execution of arbitrary code within a trusted web environment.

Affected Version(s)

Security QRadar SIEM 7.2

Security QRadar SIEM 7.3

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/123913

x_refsource_MISC

http://www.securityfocus.com/bid/99265

vdb-entryx_refsource_BID

http://www.ibm.com/support/docview.wss?uid=swg22004948

x_refsource_CONFIRM

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 27, 2017
Vulnerability Reserved
Nov 30, 2016

.