Medium Severity

Security Bulletin: IBM QRadar Advisor With Watson is vulnerable to cross site scripting

IBM QRadar Advisor is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.

CVE(s): CVE-2021-38896

Affected product(s) and affected version(s):

Affected Product(s): QRadar Advisor
Version(s): QRadar Advisor 2.5 – QRadar Advisor 2.6.1

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6506461
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/209566
