Medium Severity

IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Cross-Site Scripting (CVE-2018-1728)

Dec 4, 2018 8:02 am EDT

Categorized: Medium Severity

Share this post:

The product allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality and allowing spoofing attacks.

CVE(s): CVE-2018-1728

Affected product(s) and affected version(s):

IBM QRadar SIEM 7.2.0 to 7.2.8 Patch 13

IBM QRadar SIEM 7.3.0 to 7.3.1 Patch 6

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10742723
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/147707


Previous Post

IBM Security Bulletin:

Next Post

IBM Security Bulletin: IBM QRadar SIEM is vulnerable to XML External Entity Injection (CVE-2018-1730)
More stories

IBM Security Bulletin: A security vulnerability has been addressed in IBM Cognos Analytics (CVE-2019-4139)

May 24, 2019 9:01 am EDT | Medium Severity

This bulletin addresses a security vulnerability that has been fixed in IBM Cognos Analytics 11.1.2 and IBM Cognos Analytics 11.0.13 FP1. A Cross Site Scripting (XSS) vulnerability could allow attackers to inject code into a GET statement when importing visualizations. This has been addressed in the latest available updates. CVE(s): CVE-2019-4139 Affected product(s) and affected ...read more

IBM Security Bulletin: Cross-site scripting and failure to enforce HTTP Strict Transport Security vulnerabilities in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-4137, CVE-2019-4138)

May 24, 2019 9:01 am EDT | Medium Severity

IBM Spectrum Control (formerly Tivoli Storage Productivity Center) is vulnerable to cross-site scripting and failure to enforce HTTP Strict Transport Security. CVE(s): CVE-2019-4137, CVE-2019-4138 Affected product(s) and affected version(s): IBM Spectrum Control 5.2.13 – 5.2.17.2 IBM Spectrum Control 5.3.0 – 5.3.2 The versions listed above apply to all licensed offerings of IBM Spectrum Control. Refer ...read more

IBM Security Bulletin: Guardium StealthBits Integration is affected by an OpenSSL vulnerability

May 24, 2019 9:01 am EDT | Medium Severity

IBM Security Guardium is aware of the following vulnerability CVE(s): CVE-2019-1559 Affected product(s) and affected version(s): Affected IBM Security Guardium Affected Versions IBM Security Guardium 10.1.4 – 10.6 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10885200X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/157514 ...read more