IBM QRadar User Behavior Analytics vulnerabilities

6 known vulnerabilities affecting ibm/qradar_user_behavior_analytics.

Total CVEs: 6
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 3, LOW 1

Vulnerabilities

CVE-2022-36771 | MEDIUM | CVSS 6.5 | fixed in 4.1.9 | v4.1.8 | 2022-09-28
CWE-284: IBM QRadar User Behavior Analytics could allow an authenticated user to obtain sensitive information from that they should not have access to. IBM X-Force ID: 232791.
Sources: cvelistv5, nvd
CVE-2021-29757 | HIGH | CVSS 8.8 | v4.1.1 | 2021-08-02
CWE-352: IBM QRadar User Behavior Analytics 4.1.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 202168.
Sources: cvelistv5, nvd
CVE-2021-20393 | HIGH | CVSS 7.5 | ≥ 1.0.0, < 4.1.1 | 2021-05-14
CWE-209: IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196001.
Source: nvd
CVE-2021-20392 | MEDIUM | CVSS 6.1 | ≥ 1.0.0, < 4.1.0 | 2021-05-14
CWE-79: IBM QRadar User Behavior Analytics 1.0.0 through 4.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Source: nvd
CVE-2021-20429 | MEDIUM | CVSS 5.3 | ≥ 1.0.0, < 4.1.1 | 2021-05-14
CWE-863: IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose sensitive information due to an overly permissive cross-domain policy. IBM X-Force ID: 196334.
Source: nvd
CVE-2021-20391 | LOW | CVSS 3.3 | ≥ 1.0.0, < 4.1.1 | 2021-05-14
CWE-922: IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 195999.
Source: nvd