CVE-2015-1997

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

6.8MEDIUM

EPSS

0.1%

top 71.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security Qradar Incident Forensics

Timeline

PublishedNov 8

Latest updateMay 17

Description

Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar Vulnerability Manager 7.2.x before 7.2.5 Patch 5 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDibm/security_qradar_incident_forensics6 versions+5

🔴Vulnerability Details

GHSA

GHSA-4h45-m97x-h895: Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar Vulnerability Manager 7↗2022-05-17

▶

CVEList

CVE-2015-1997: Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar Vulnerability Manager 7↗2015-11-08

▶