Ibm Qradar Network Security vulnerabilities

CVE-2020-4159 [HIGH] CWE-200 CVE-2020-4159: IBM QRadar Network Security 5.4.0 and 5.5.0 discloses sensitive information to unauthorized users wh IBM QRadar Network Security 5.4.0 and 5.5.0 discloses sensitive information to unauthorized users which could be used to mount further attacks against the system. IBM X-Force ID: 174339.

CVE-2020-4157 [HIGH] CWE-798 CVE-2020-4157: IBM QRadar Network Security 5.4.0 and 5.5.0 contains hard-coded credentials, such as a password or c IBM QRadar Network Security 5.4.0 and 5.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174337.

CVE-2020-4152 [MEDIUM] CWE-319 CVE-2020-4152: IBM QRadar Network Security 5.4.0 and 5.5.0 transmits sensitive or security-critical data in clearte IBM QRadar Network Security 5.4.0 and 5.5.0 transmits sensitive or security-critical data in cleartext in a communication channel that can be obtained using man in the middle techniques. IBM X-Force ID: 17467.

CVE-2020-4160 [MEDIUM] CVE-2020-4160: IBM QRadar Network Security 5.4.0 and 5.5.0 could allow a remote attacker to obtain sensitive inform IBM QRadar Network Security 5.4.0 and 5.5.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 174340.

CVE-2020-4153 [MEDIUM] CWE-79 CVE-2020-4153: IBM QRadar Network Security 5.4.0 and 5.5.0 is vulnerable to cross-site scripting. This vulnerabilit IBM QRadar Network Security 5.4.0 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174269.

CVE-2017-1458 [HIGH] CWE-611 CVE-2017-1458: IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity Injection (XXE) attack when p IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128377.

CVE-2017-1491 [HIGH] CVE-2017-1491: IBM QRadar Network Security 5.4 supports interaction between multiple actors and allows those actors IBM QRadar Network Security 5.4 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties. IBM X-Force ID: 128689.

CVE-2017-1457 [MEDIUM] CWE-79 CVE-2017-1457: IBM QRadar Network Security 5.4 is vulnerable to cross-site scripting. This vulnerability allows use IBM QRadar Network Security 5.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128376.