PT-2014-7025 · Ibm · Ibm Security Qradar Siem+2
Published
2014-11-28
·
Updated
2017-09-08
·
CVE-2014-6075
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IBM Security QRadar SIEM and QRadar Risk Manager versions 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1
IBM Security QRadar Vulnerability Manager version 7.2 before 7.2.4 Patch 1
Description
The issue allows remote attackers to obtain sensitive information by reading web-server access logs, web-server Referer logs, or the browser history, because credentials are placed in URLs.
Recommendations
For IBM Security QRadar SIEM and QRadar Risk Manager versions 7.1 before MR2 Patch 9, apply MR2 Patch 9 or later.
For IBM Security QRadar SIEM and QRadar Risk Manager version 7.2 before 7.2.4 Patch 1, apply 7.2.4 Patch 1 or later.
For IBM Security QRadar Vulnerability Manager version 7.2 before 7.2.4 Patch 1, apply 7.2.4 Patch 1 or later.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ibm Security Qradar Risk Manager
Ibm Security Qradar Siem
Ibm Security Qradar Vulnerability Manager