CVE-2014-6075

IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, place credentials in URLs, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ibm:qradar_risk_manager:7.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_risk_manager:7.2.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_risk_manager:7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_risk_manager:7.2.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_risk_manager:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_risk_manager:7.2.1:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.4:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.3:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:*:*:*:*:*:*:*

Information

Published : 2014-11-27 18:59

Updated : 2017-09-07 18:29


NVD link : CVE-2014-6075

Mitre link : CVE-2014-6075


JSON object : View

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

dedicated server usa

Products Affected

ibm

  • qradar_security_information_and_event_manager
  • qradar_risk_manager
  • qradar_vulnerability_manager