Cross-Site Scripting Vulnerability in IBM QRadar Product
CVE-2017-1623

6.1MEDIUM

Key Information:

Vendor

IBM
Status
Security Qradar Siem
Vendor
CVE Published:
10 January 2018

What is CVE-2017-1623?

IBM QRadar versions 7.2 and 7.3 are susceptible to a cross-site scripting (XSS) vulnerability. This flaw enables an attacker to inject arbitrary JavaScript code into the web interface, which can manipulate the application's intended functions. Such exploitation may lead to unauthorized access to user credentials within a trusted session, posing significant security risks to users. For detailed information about this vulnerability, refer to the IBM X-Force ID: 133121 and additional resources.

Affected Version(s)

Security QRadar SIEM 7.2

Security QRadar SIEM 7.3

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/133121
x_refsource_MISC
http://www.ibm.com/support/docview.wss?uid=swg22012344
x_refsource_CONFIRM
http://www.securityfocus.com/bid/102476
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.