Mohammed Shameem Shahnawaz

**Name of the Vulnerable Software and Affected Versions** IBM QRadar SIEM versions 7.3 through 7.4 **Description** The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. This is due to a cross-site scripting vulnerability. **Recommendations** For IBM QRadar SIEM versions 7.3 through 7.4, update to a version that includes the fix for this issue to prevent cross-site scripting attacks. As a temporary workaround, consider restricting access to the Web UI to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** IBM QRadar versions 7.2 through 7.3 **Description** The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. **Recommendations** For IBM QRadar versions 7.2 through 7.3, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IBM QRadar version 7.2 **Description** The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. **Recommendations** For IBM QRadar version 7.2, update to a version that includes the fix for the issue referenced by IBM Reference #: 1999534.

**Name of the Vulnerable Software and Affected Versions** IBM QRadar version 7.2 **Description** The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session. **Recommendations** For IBM QRadar version 7.2, update to a version that includes the fix for the issue referenced by IBM Reference #: 1999534.