PT-2018-4359 · Ibm · Ibm Qradar Siem
Publicado
2018-03-29
·
Atualizado
2018-04-23
·
CVE-2015-2009
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
IBM QRadar SIEM versions 7.1 before MR2 Patch 11 Interim Fix 02
IBM QRadar SIEM versions 7.2.x before 7.2.5 Patch 4
Description
A cross-site request forgery (CSRF) issue exists in the xmlrpc.cgi service, allowing remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences via vectors related to webmin.
Recommendations
For IBM QRadar SIEM version 7.1, apply MR2 Patch 11 Interim Fix 02 to resolve the issue.
For IBM QRadar SIEM version 7.2.x, apply Patch 4 to resolve the issue.
Correção
CSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ibm Qradar Siem