CVE-2015-1996

CWE-200 — Information Exposure CWE-362 — Race Condition CWE-476 — NULL Pointer Dereference CWE-416 — Use After Free5 documents4 sources

Severity

2.1LOW

EPSS

0.1%

top 82.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security Qradar Incident Forensics

Timeline

PublishedNov 8

Latest updateAug 19

Description

IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not prevent caching of HTTPS responses, which allows physically proximate attackers to obtain sensitive local-cache information by leveraging an unattended workstation.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDibm/security_qradar_incident_forensics6 versions+5

🔴Vulnerability Details

GHSA

GHSA-4hfq-wwc9-pm6m: IBM Security QRadar Incident Forensics 7↗2022-05-17

▶

CVEList

CVE-2015-1996: IBM Security QRadar Incident Forensics 7↗2015-11-08

▶

📋Vendor Advisories

Red Hat

kernel: wifi: rtl818x: Kill URBs before clearing tx status queue↗2025-08-19

▶