Ibm Qradar Advisor vulnerabilities

CVE-2024-49822 [MEDIUM] CWE-918 CVE-2024-49822: IBM QRadar Advisor 1.0.0 through 2.6.5 is vulnerable to server-side request forgery (SSRF). This may IBM QRadar Advisor 1.0.0 through 2.6.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

CVE-2021-38896 [MEDIUM] CWE-79 CVE-2021-38896: IBM QRadar Advisor 2.5 through 2.6.1 is vulnerable to cross-site scripting. This vulnerability allow IBM QRadar Advisor 2.5 through 2.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209566.

CVE-2021-20380 [HIGH] CVE-2021-20380: IBM QRadar Advisor With Watson App 1.1 through 2.5 as used on IBM QRadar SIEM 7.4 could allow a remo IBM QRadar Advisor With Watson App 1.1 through 2.5 as used on IBM QRadar SIEM 7.4 could allow a remote user to obtain sensitive information from HTTP requests that could aid in further attacks against the system. IBM X-Force ID: 195712.

CVE-2020-4408 [MEDIUM] CWE-522 CVE-2020-4408: The IBM QRadar Advisor 1.1 through 2.5.2 with Watson App for IBM QRadar SIEM does not adequately mas The IBM QRadar Advisor 1.1 through 2.5.2 with Watson App for IBM QRadar SIEM does not adequately mask all passwords during input, which could be obtained by a physical attacker nearby. IBM X-Force ID: 179536.

CVE-2019-4557 [HIGH] CWE-326 CVE-2019-4557: IBM Qradar Advisor 1.1 through 2.5 with Watson uses weaker than expected cryptographic algorithms th IBM Qradar Advisor 1.1 through 2.5 with Watson uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 166206.

CVE-2019-4672 [MEDIUM] CVE-2019-4672: IBM QRadar Advisor 1.1 through 2.5 could allow an unauthorized attacker to obtain sensitive informat IBM QRadar Advisor 1.1 through 2.5 could allow an unauthorized attacker to obtain sensitive information from specially crafted HTTP requests that could aid in further attacks against the system. IBM X-Force ID: 171438.

CVE-2019-4556 [MEDIUM] CVE-2019-4556: IBM QRadar Advisor 1.0.0 through 2.4.0 uses incomplete blacklisting for input validation which allow IBM QRadar Advisor 1.0.0 through 2.4.0 uses incomplete blacklisting for input validation which allows attackers to bypass application controls resulting in direct impact to the system and data integrity. IBM X-Force ID: 166205.