CVE-2015-4957: XSS
First published: Mon Feb 15 2016(Updated: )
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM QRadar Security Information and Event Manager | =7.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-4957?
CVE-2015-4957 is considered a high severity vulnerability due to its potential for cross-site scripting attacks.
Who is affected by CVE-2015-4957?
CVE-2015-4957 affects users of IBM Security QRadar SIEM versions 7.1.x before 7.1 MR2 Patch 12.
How do I fix CVE-2015-4957?
To fix CVE-2015-4957, update to IBM Security QRadar SIEM version 7.1 MR2 Patch 12 or later.
What type of vulnerability is CVE-2015-4957?
CVE-2015-4957 is a Cross-Site Scripting (XSS) vulnerability.
Can CVE-2015-4957 be exploited remotely?
Yes, CVE-2015-4957 can be exploited by remote authenticated users through a crafted URL.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- vendor/ibm
- canonical/ibm qradar security information and event manager
- version/ibm qradar security information and event manager/7.1.0