Stephen Hosom

**Name of the Vulnerable Software and Affected Versions** IBM Security QRadar SIEM versions 7.1 through 7.2 before 7.2 MR1 Patch 1 **Description** A cross-site scripting (XSS) issue exists in the Right Click Plugin context menus, allowing remote authenticated users to inject arbitrary web script or HTML. This could potentially lead to unauthorized actions on the affected system. **Recommendations** For IBM Security QRadar SIEM versions 7.1 through 7.2 before 7.2 MR1 Patch 1, update to 7.2 MR1 Patch 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Cisco Identity Services Engine (ISE) versions 1.0 through 1.1.0 before 1.1.0.665-5 Cisco Identity Services Engine (ISE) version 1.1.1 before 1.1.1.268-7 Cisco Identity Services Engine (ISE) version 1.1.2 before 1.1.2.145-10 Cisco Identity Services Engine (ISE) version 1.1.3 before 1.1.3.124-7 Cisco Identity Services Engine (ISE) version 1.1.4 before 1.1.4.218-7 Cisco Identity Services Engine (ISE) version 1.2 before 1.2.0.899-2 **Description** The web framework in Cisco Identity Services Engine (ISE) allows remote authenticated users to execute arbitrary commands via a crafted session on TCP port 443. **Recommendations** For version 1.0, update to a version after 1.1.0.665-5. For version 1.1.0, update to 1.1.0.665-5 or later. For version 1.1.1, update to 1.1.1.268-7 or later. For version 1.1.2, update to 1.1.2.145-10 or later. For version 1.1.3, update to 1.1.3.124-7 or later. For version 1.1.4, update to 1.1.4.218-7 or later. For version 1.2, update to 1.2.0.899-2 or later.

**Name of the Vulnerable Software and Affected Versions** IBM QRadar Security Information and Event Manager (SIEM) versions prior to 7.1 MR2 Patch 1 **Description** The issue allows remote authenticated users to execute operating-system commands. **Recommendations** For versions prior to 7.1 MR2 Patch 1, update to 7.1 MR2 Patch 1 or later to resolve the issue.