IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Cross-Site Scripting (CVE-2018-1728)

Dec 4, 2018 8:02 am EST

Share this post:

The product allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality and allowing spoofing attacks.

CVE(s): CVE-2018-1728

Affected product(s) and affected version(s):

IBM QRadar SIEM 7.2.0 to 7.2.8 Patch 13

IBM QRadar SIEM 7.3.0 to 7.3.1 Patch 6

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10742723
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/147707

Medium Severity

Search Posts

Resources

Feed for PSIRT Blog Posts

IBM Product Security Vulnerabilities

See information about: IBM Security Bulletins, IBM Security Vulnerability Management (PSIRT), Reporting a Security Issue, IBM Secure Engineering

Learn More

IBM Product Support Portal

Access IBM Product Support to: Subscribe to Notifications, Download Fixes & PTFs (Fix Central), Access the Directory of IBM Worldwide Contacts

See What's New

Helpful Information

IBM Security Bulletin: IBM Cloud Kubernetes Service is impacted by a security vulnerability in Project Calico

Dec 8, 2018 9:01 am EST | Medium Severity

IBM Cloud Kubernetes Service is affected by a security vulnerability in Project Calico, the network CNI plugin used in IBM Cloud Kubernetes Service. In some scenarios, Calico will write configuration data in log files including service account tokens included in the configuration. This will expose Calico service account tokens in log files which could lead ...read more

IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server October 2018 CPU that is bundled with IBM WebSphere Application Server Patterns

Dec 8, 2018 9:01 am EST | Medium Severity

There are multiple vulnerabiltities in the IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the IBM Java SDK updates in October 2018. CVE(s): CVE-2018-3180, CVE-2018-3139 Affected product(s) and affected version(s): IBM Java SDK shipped with IBM WebSphere Application Server Patterns 1.0.0.0 through 1.0.0.7 and 2.2.0.0 ...read more

IBM Security Bulletin: Vulnerability in Apache Batik affects IBM Cúram Social Program Management (CVE-2018-8013)

Dec 8, 2018 9:01 am EST | Medium Severity

IBM Cúram Social Program Management uses the Apache Batik Library. In Apache Batik library prior to version 1.10, the class type has not being checked during the deserialization process of the subclass of `AbstractDocument`. Fix has been put in place to check the class type before instantiating during the deserialization process CVE(s): CVE-2018-8013 Affected product(s) ...read more

Medium Severity

IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Cross-Site Scripting (CVE-2018-1728)

IBM Security Bulletin:

IBM Security Bulletin: IBM QRadar SIEM is vulnerable to XML External Entity Injection (CVE-2018-1730)

Search Posts

Archives

Resources

IBM Product Security Vulnerabilities

IBM Product Support Portal

Helpful Information

IBM Security Bulletin: IBM Cloud Kubernetes Service is impacted by a security vulnerability in Project Calico

Dec 8, 2018 9:01 am EST | Medium Severity

IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server October 2018 CPU that is bundled with IBM WebSphere Application Server Patterns

Dec 8, 2018 9:01 am EST | Medium Severity

IBM Security Bulletin: Vulnerability in Apache Batik affects IBM Cúram Social Program Management (CVE-2018-8013)

Dec 8, 2018 9:01 am EST | Medium Severity