First published: Fri Nov 28 2014(Updated: )
IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, place credentials in URLs, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
Ibm Qradar Risk Manager | =7.1.0 | |
Ibm Qradar Risk Manager | =7.2.0 | |
Ibm Qradar Risk Manager | =7.2.1 | |
Ibm Qradar Risk Manager | =7.2.2 | |
Ibm Qradar Risk Manager | =7.2.3 | |
Ibm Qradar Risk Manager | =7.2.4 | |
Ibm Qradar Vulnerability Manager | =7.2.0 | |
Ibm Qradar Vulnerability Manager | =7.2.1 | |
Ibm Qradar Vulnerability Manager | =7.2.2 | |
Ibm Qradar Vulnerability Manager | =7.2.3 | |
Ibm Qradar Vulnerability Manager | =7.2.4 | |
IBM QRadar Security Information and Event Manager | =7.1.0 | |
IBM QRadar Security Information and Event Manager | =7.2.0 | |
IBM QRadar Security Information and Event Manager | =7.2.1 | |
IBM QRadar Security Information and Event Manager | =7.2.2 | |
IBM QRadar Security Information and Event Manager | =7.2.3 | |
IBM QRadar Security Information and Event Manager | =7.2.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.