CVE-2018-2021 — Cross-site Scripting in IBM Qradar Security Information AND Event Manager

CWE-79 — Cross-site Scripting CWE-20 — Improper Input Validation CWE-843 — Type Confusion CWE-200 — Sensitive Information Exposure CWE-787 — Out-of-bounds Write CWE-416 — Use After Free32 documents12 sources

Severity

6.1MEDIUMNVD

GHSA7.5

EPSS

0.2%

top 62.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Qradar Security Information AND Event Manager IBM Qradar Siem

Timeline

PublishedJul 17

Latest updateDec 5

Description

IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155345.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5ibm/qradar_siem7.2, 7.3+1

▶NVDibm/qradar_security_information_and_event_manager7.2.0 — 7.2.8+2

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

OSV

libjpeg-turbo vulnerabilities↗2022-09-22

▶

GHSA

GHSA-q37v-7m6p-mgm3: IBM QRadar SIEM 7↗2022-05-24

▶

GHSA

Type confusion in mpath↗2021-09-02

▶

OSV

qpdf vulnerabilities↗2021-08-02

▶

OSV

qpdf vulnerabilities↗2021-07-29

▶

💥Exploits & PoCs

Exploit-DB

Ruijie Reyee Mesh Router - Remote Code Execution (RCE) (Authenticated)↗2022-05-11

▶

Exploit-DB

phpMyAdmin 4.8.1 - Remote Code Execution (RCE)↗2021-10-25

▶

Exploit-DB

Mitsubishi Electric & INEA SmartRTU - Reflected Cross-Site Scripting (XSS)↗2021-10-18

▶

Exploit-DB

WordPress Plugin Plainview Activity Monitor 20161228 - Remote Code Execution (RCE) (Authenticated) (2)↗2021-07-07

▶

Exploit-DB

OpenEMR 5.0.1.3 - Authentication Bypass↗2021-06-16

▶

📋Vendor Advisories

Red Hat

binutils: out-of-bounds write in stab_xcoff_builtin_type() in stabs.c↗2021-12-14

▶

Red Hat

puppet: unsafe HTTP redirect↗2021-11-09

▶

Oracle

Oracle Oracle Communications Risk Matrix: NPA Agent (Flexnet) — CVE-2018-20034↗2021-10-15

▶

Oracle

Oracle Oracle Fusion Middleware Risk Matrix: SSL Module (LibExpat) — CVE-2018-20843↗2021-10-15

▶

Red Hat

mpath: type confusion can lead to a bypass of CVE-2018-16490↗2021-09-01

▶

🕵️Threat Intelligence

Bleepingcomputer

Hackers breach US govt agencies using Adobe ColdFusion exploit↗2023-12-05

▶