CVE-2014-4829

Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Published: Nov 28, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-4829
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
ibm / qradar_vulnerability_manager	7.2.0	7.2.0.x
ibm / qradar_vulnerability_manager	7.2.2	7.2.2.x
ibm / qradar_vulnerability_manager	7.2.3	7.2.3.x
ibm / qradar_vulnerability_manager	7.2.1	7.2.1.x
ibm / qradar_vulnerability_manager	7.2.4	7.2.4.x
ibm / qradar_security_information_and_event_manager	7.2.0	7.2.0.x
ibm / qradar_security_information_and_event_manager	7.2.4	7.2.4.x
ibm / qradar_security_information_and_event_manager	7.2.1	7.2.1.x
ibm / qradar_security_information_and_event_manager	7.2.2	7.2.2.x
ibm / qradar_security_information_and_event_manager	7.2.3	7.2.3.x
ibm / qradar_security_information_and_event_manager	7.1.0	7.1.0.x
ibm / qradar_risk_manager	7.2.3	7.2.3.x
ibm / qradar_risk_manager	7.2.4	7.2.4.x
ibm / qradar_risk_manager	7.2.2	7.2.2.x
ibm / qradar_risk_manager	7.2.1	7.2.1.x
ibm / qradar_risk_manager	7.2.0	7.2.0.x
ibm / qradar_risk_manager	7.1.0	7.1.0.x

Vulnerability Database

289,599

CVE-2014-4829