CVE-2017-1457

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.2%

top 51.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Qradar Network Security

Timeline

PublishedSep 5

Latest updateMay 14

Description

IBM QRadar Network Security 5.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128376.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5ibm/qradar_network_security5.4

▶NVDibm/qradar_network_security5.4

🔴Vulnerability Details

GHSA

GHSA-7jcc-c8pr-x8rc: IBM QRadar Network Security 5↗2022-05-14

▶

CVEList

CVE-2017-1457: IBM QRadar Network Security 5↗2017-09-05

▶