PT-2014-7025 · Ibm · Ibm Security Qradar Siem+2

Publicado

2014-11-28

·

Atualizado

2017-09-08

·

CVE-2014-6075

CVSS v2.0

5.0

Média

VetorAV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions IBM Security QRadar SIEM and QRadar Risk Manager versions 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1 IBM Security QRadar Vulnerability Manager version 7.2 before 7.2.4 Patch 1
Description The issue allows remote attackers to obtain sensitive information by reading web-server access logs, web-server Referer logs, or the browser history, because credentials are placed in URLs.
Recommendations For IBM Security QRadar SIEM and QRadar Risk Manager versions 7.1 before MR2 Patch 9, apply MR2 Patch 9 or later. For IBM Security QRadar SIEM and QRadar Risk Manager version 7.2 before 7.2.4 Patch 1, apply 7.2.4 Patch 1 or later. For IBM Security QRadar Vulnerability Manager version 7.2 before 7.2.4 Patch 1, apply 7.2.4 Patch 1 or later.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2014-6075

Produtos afetados

Ibm Security Qradar Risk Manager
Ibm Security Qradar Siem
Ibm Security Qradar Vulnerability Manager