CVE-2017-1234

CWE-79 — Cross-site Scripting (XSS)21 documents4 sources

Severity

5.4MEDIUM

EPSS

0.4%

top 41.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Security Qradar Siem IBM Qradar Security Information AND Event Manager

Timeline

PublishedJun 27

Latest updateMay 17

Description

IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123913.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5ibm/security_qradar_siem7.2, 7.3+1

▶NVDibm/qradar_security_information_and_event_manager10 versions+9

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-6mv3-6qq9-fjmw: IBM QRadar 7↗2022-05-17

▶

CVEList

CVE-2017-1234: IBM QRadar 7↗2017-06-27

▶

💬Community

Bugzilla

CVE-2017-7516 cpio: --no-absolute-filenames bypass via symlinks [fedora-all]↗2018-01-29

▶

Bugzilla

CVE-2017-2888 SDL2: SDL: Integer overflow while creating a new RGB surface [epel-7]↗2017-10-11

▶

Bugzilla

CVE-2017-2885 mingw-libsoup: libsoup: Stack based buffer overflow with HTTP Chunked Encoding [fedora-all]↗2017-08-10

▶

Bugzilla

CVE-2017-2885 mingw-libsoup: libsoup: Stack based buffer overflow with HTTP Chunked Encoding [epel-7]↗2017-08-10

▶

Bugzilla

CVE-2017-2885 libsoup: Stack based buffer overflow with HTTP Chunked Encoding [fedora-all]↗2017-08-10

▶