PT-2014-6150 · Ibm · Ibm Security Qradar Vulnerability Manager+2
Published
2014-11-28
·
Updated
2017-08-29
·
CVE-2014-4832
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Security QRadar SIEM and QRadar Risk Manager versions 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1
IBM Security QRadar SIEM and QRadar Risk Manager version 7.2 before 7.2.4 Patch 1
IBM Security QRadar Vulnerability Manager version 7.2 before 7.2.4 Patch 1
Description
The issue allows remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session.
Recommendations
For IBM Security QRadar SIEM and QRadar Risk Manager versions 7.1 before MR2 Patch 9, apply MR2 Patch 9 to resolve the issue.
For IBM Security QRadar SIEM and QRadar Risk Manager version 7.2 before 7.2.4 Patch 1, update to 7.2.4 Patch 1 to resolve the issue.
For IBM Security QRadar Vulnerability Manager version 7.2 before 7.2.4 Patch 1, update to 7.2.4 Patch 1 to resolve the issue.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Security Qradar Risk Manager
Ibm Security Qradar Siem
Ibm Security Qradar Vulnerability Manager