
Freddie Sibley-Calder

Researcher from Modux
#19207 of 53,633
13.9 Total CVSS
Vulnerabilities · 2 (Medium: 1, High: 1)

PT-2023-26959 · CVSS 6.1 · 2023-07-26
McAfee · ePO · CVE-2023-3946

**Name of the Vulnerable Software and Affected Versions**
ePO versions prior to 5.10 SP1 Update 1

**Description**
A reflected cross-site scripting (XSS) vulnerability allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO.

**Recommendations**
For versions prior to 5.10 SP1 Update 1, update to version 5.10 SP1 Update 1 or later to resolve the issue. As a temporary workaround, consider restricting access to links from untrusted sources to minimize the risk of exploitation.

PT-2022-10884 · CVSS 7.8 · 2022-07-28
IBM · IBM QRadar SIEM · CVE-2021-39088

**Name of the Vulnerable Software and Affected Versions**
IBM QRadar SIEM versions 7.3 through 7.5

**Description**
The issue allows for local privilege escalation. If combined with other unknown vulnerabilities, it could potentially lead to privilege escalation.

**Recommendations**
For versions 7.3 through 7.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.