What is the severity of CVE-2017-1623?

CVE-2017-1623 has a medium severity rating due to its potential for credentials disclosure within a trusted session.

How do I fix CVE-2017-1623?

To fix CVE-2017-1623, upgrade to the latest versions of IBM QRadar Security Information and Event Manager that are not affected.

What versions of IBM QRadar Security Information and Event Manager are affected by CVE-2017-1623?

CVE-2017-1623 affects IBM QRadar Security Information and Event Manager versions 7.2.0 through 7.3.0.

What is the impact of CVE-2017-1623?

The impact of CVE-2017-1623 is the risk of malicious users embedding arbitrary JavaScript code into the Web UI.

Who published CVE-2017-1623?

CVE-2017-1623 was published by IBM and is documented in their security advisories.

Vulnerability/
CVE-2017-1623

medium

6.1

CWE

10/1/2018

16/9/2024

CVE-2017-1623: XSS

First published: Wed Jan 10 2018(Updated: )

IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 133121.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM QRadar Security Information and Event Manager	=7.2.0
IBM QRadar Security Information and Event Manager	=7.2.1
IBM QRadar Security Information and Event Manager	=7.2.2
IBM QRadar Security Information and Event Manager	=7.2.3
IBM QRadar Security Information and Event Manager	=7.2.4
IBM QRadar Security Information and Event Manager	=7.2.5
IBM QRadar Security Information and Event Manager	=7.2.6
IBM QRadar Security Information and Event Manager	=7.2.7
IBM QRadar Security Information and Event Manager	=7.2.8
IBM QRadar Security Information and Event Manager	=7.3.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-1623?
CVE-2017-1623 has a medium severity rating due to its potential for credentials disclosure within a trusted session.
How do I fix CVE-2017-1623?
To fix CVE-2017-1623, upgrade to the latest versions of IBM QRadar Security Information and Event Manager that are not affected.
What versions of IBM QRadar Security Information and Event Manager are affected by CVE-2017-1623?
CVE-2017-1623 affects IBM QRadar Security Information and Event Manager versions 7.2.0 through 7.3.0.
What is the impact of CVE-2017-1623?
The impact of CVE-2017-1623 is the risk of malicious users embedding arbitrary JavaScript code into the Web UI.
Who published CVE-2017-1623?
CVE-2017-1623 was published by IBM and is documented in their security advisories.

collector/nvd-index
agent/type
agent/softwarecombine
agent/weakness
agent/author
agent/references
agent/severity
agent/tags
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/first-publish-date
agent/source
vendor/ibm
canonical/ibm qradar security information and event manager
version/ibm qradar security information and event manager/7.2.0
version/ibm qradar security information and event manager/7.2.1
version/ibm qradar security information and event manager/7.2.2
version/ibm qradar security information and event manager/7.2.3
version/ibm qradar security information and event manager/7.2.4
version/ibm qradar security information and event manager/7.2.5
version/ibm qradar security information and event manager/7.2.6
version/ibm qradar security information and event manager/7.2.7
version/ibm qradar security information and event manager/7.2.8
version/ibm qradar security information and event manager/7.3.0