Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cloud_pak_for_security
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 53 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-04-03 | CVE-2024-28782 | IBM QRadar Suite Software 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 285698. | Cloud_pak_for_security, Qradar_suite | 6.5 | ||
| 2024-04-23 | CVE-2023-47731 | IBM QRadar Suite Software 1.10.12.0 through 1.10.19.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 272203. | Cloud_pak_for_security, Qradar_suite | N/A | ||
| 2024-05-01 | CVE-2022-38386 | IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite for Software 1.10.12.0 through 1.10.19.0 does not set the SameSite attribute for sensitive cookies which could allow an attacker to obtain sensitive information using man-in-the-middle techniques. IBM X-Force ID: 233778. | Cloud_pak_for_security, Qradar_suite | 5.9 | ||
| 2024-05-02 | CVE-2023-47727 | IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: 272089. | Cloud_pak_for_security, Qradar_suite | N/A | ||
| 2024-06-18 | CVE-2023-47726 | IBM QRadar Suite Software 1.10.12.0 through 1.10.21.0 and IBM Cloud Pak for Security 1.10.12.0 through 1.10.21.0 could allow an authenticated user to execute certain arbitrary commands due to improper input validation. IBM X-Force ID: 272087. | Cloud_pak_for_security, Qradar_suite | 8.8 | ||
| 2025-06-03 | CVE-2025-1334 | IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 allows web pages to be stored locally which can be read by another user on the system. | Cloud_pak_for_security, Qradar_suite | 4.0 | ||
| 2025-06-03 | CVE-2025-25019 | IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not invalidate session after a logout which could allow a user to impersonate another user on the system. | Cloud_pak_for_security, Qradar_suite | 6.5 | ||
| 2025-06-03 | CVE-2025-25020 | IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an authenticated user to cause a denial of service due to improperly validating API data input. | Cloud_pak_for_security, Qradar_suite | 6.5 | ||
| 2025-06-03 | CVE-2025-25021 | IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a privileged execute code in case management script creation due to the improper generation of code. | Cloud_pak_for_security, Qradar_suite | 7.2 | ||
| 2025-06-03 | CVE-2025-25022 | IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an unauthenticated user in the environment to obtain highly sensitive information in configuration files. | Cloud_pak_for_security, Qradar_suite | 8.8 |