cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-47728,https://securityvulnerability.io/vulnerability/CVE-2023-47728,IBM QRadar Suite Software Vulnerability Could Lead to Sensitive Information Disclosure,IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the request. This information could be used in further attacks against the system. IBM X-Force ID: 272201.,IBM,"Qradar Suite Software,Cloud Pak For Security",6.5,MEDIUM,0.0004900000058114529,false,false,false,false,,false,false,2024-08-16T19:12:56.386Z,0
CVE-2024-25024,https://securityvulnerability.io/vulnerability/CVE-2024-25024,IBM QRadar Suite Software Stores User Credentials in Plain Text,IBM QRadar Suite Software 1.10.12.0 through 1.10.23.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 281430.,IBM,"Qradar Suite Software,Cloud Pak For Security",5.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-08-15T02:42:06.312Z,0
CVE-2024-28799,https://securityvulnerability.io/vulnerability/CVE-2024-28799,IBM QRadar Suite Software information disclosure,"A vulnerability affects IBM QRadar Suite Software and IBM Cloud Pak for Security that can lead to the improper display of sensitive data to local privileged users during back-end commands. This issue primarily arises under non-default configurations, potentially resulting in unexpected data disclosure. Organizations utilizing the affected versions should review their configurations and implement appropriate security measures to mitigate the risks associated with this exposure.",IBM,"Qradar Suite Software,Cloud Pak For Security",7.5,HIGH,0.0008699999889358878,false,false,false,false,,false,false,2024-08-14T16:15:00.000Z,0
CVE-2022-38382,https://securityvulnerability.io/vulnerability/CVE-2022-38382,Unauthorized Access to Sensitive Information Possible After Logout,"A session management issue exists in IBM Cloud Pak for Security (CP4S) and IBM QRadar Suite. This vulnerability allows a user to bypass session invalidation upon logout, potentially enabling unauthorized access to user sessions. As a result, another authenticated user may be able to retrieve sensitive information that should have been secured post-logout. Users of the affected versions should consider applying available patches and enhancing session management practices to safeguard sensitive data.",IBM,"Qradar Suite Software,Cloud Pak For Security",4.1,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-08-13T01:01:33.992Z,0
CVE-2024-25023,https://securityvulnerability.io/vulnerability/CVE-2024-25023,Log File Vulnerability Could Allow Local User Access,IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281429.,IBM,"Qradar Suite Software,Cloud Pak For Security",5.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-07-10T01:15:00.000Z,0
CVE-2022-38383,https://securityvulnerability.io/vulnerability/CVE-2022-38383,IBM Cloud Pak for Security Vulnerability Allows Local File Access,"A vulnerability has been identified in IBM Cloud Pak for Security and IBM QRadar Software Suite that allows local web pages to be stored and subsequently read by unauthorized users on the same system. This issue affects specific versions of these products, potentially leading to exposure of sensitive information. Organizations utilizing these platforms are encouraged to review the affected versions and implement recommended mitigations to safeguard against possible unauthorized access.",IBM,"Cloud Pak For Security,Qradar Suite Software",3.3,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-06-28T19:03:43.269Z,0
CVE-2023-47726,https://securityvulnerability.io/vulnerability/CVE-2023-47726,IBM QRadar Suite Software Vulnerability Could Allow Arbitrary Commands Execution,"The IBM QRadar Suite Software and IBM Cloud Pak for Security are susceptible to a vulnerability that allows authenticated users to execute arbitrary commands. This issue stems from an improper input validation mechanism within the software. When exploited, it can lead to unauthorized command execution, potentially compromising system integrity. Organizations using affected versions of these IBM products should review the advisory and implement necessary updates to mitigate this vulnerability.",IBM,"Qradar Suite Software,Cloud Pak For Security",7.1,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-06-18T13:40:39.683Z,0
CVE-2023-47727,https://securityvulnerability.io/vulnerability/CVE-2023-47727,Security Dashboard Parameters Vulnerability,IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.20.0 could allow an authenticated user to modify dashboard parameters due to improper input validation. IBM X-Force ID: 272089.,IBM,"Cloud Pak For Security,Qradar Suite Software",4.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-05-02T14:43:57.748Z,0
CVE-2022-38386,https://securityvulnerability.io/vulnerability/CVE-2022-38386,IBM Cloud Pak for Security information disclosure,"A vulnerability exists in IBM Cloud Pak for Security and QRadar Suite where the SameSite attribute is not set for sensitive cookies. This oversight can allow attackers to exploit man-in-the-middle techniques, potentially resulting in unauthorized access to sensitive information. The affected versions include IBM Cloud Pak for Security from 1.10.0.0 to 1.10.11.0 and IBM QRadar Suite for Software from 1.10.12.0 to 1.10.19.0. It is advised to implement protective measures to mitigate risks associated with this vulnerability.",IBM,"Cloud Pak For Security,Qradar Suite For Software",5.9,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-05-01T12:48:12.167Z,0
CVE-2023-47731,https://securityvulnerability.io/vulnerability/CVE-2023-47731,IBM QRadar Suite Software Vulnerable to Stored Cross-Site Scripting,IBM QRadar Suite Software 1.10.12.0 through 1.10.19.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 272203.,IBM,"Qradar Suite Software,Cloud Pak For Security",5.4,MEDIUM,0.0004299999854993075,false,true,false,false,,false,false,2024-04-23T12:16:11.361Z,0
CVE-2024-22355,https://securityvulnerability.io/vulnerability/CVE-2024-22355,IBM QRadar Suite Products Vulnerable to Weak Password Attacks,"IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 280781.",IBM,"Qradar Suite Products,Cloud Pak For Security",5.9,MEDIUM,0.0008699999889358878,false,false,false,false,,false,false,2024-03-03T12:20:59.026Z,0
CVE-2023-47742,https://securityvulnerability.io/vulnerability/CVE-2023-47742,IBM QRadar Suite Vulnerable to Certificate Validation Flaw,IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could disclose sensitive information using man in the middle techniques due to not correctly enforcing all aspects of certificate validation in some circumstances. IBM X-Force ID: 272533.,IBM,"Qradar Suite Products,Cloud Pak For Security",5.9,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-03-03T12:18:58.199Z,0
CVE-2021-39090,https://securityvulnerability.io/vulnerability/CVE-2021-39090,IBM Cloud Pak for Security Vulnerability Could Lead to Sensitive Information Theft,"A vulnerability exists in IBM Cloud Pak for Security which allows a remote attacker to potentially exploit the improper configuration of HTTP Strict Transport Security (HSTS). This misconfiguration can lead to sensitive information exposure through man-in-the-middle attacks, allowing unauthorized individuals to intercept communications. Organizations utilizing affected versions of IBM Cloud Pak for Security are advised to review their HSTS settings and apply necessary patches to mitigate risks associated with this vulnerability.",IBM,Cloud Pak For Security,5.9,MEDIUM,0.0008699999889358878,false,false,false,false,,false,false,2024-02-29T02:35:40.645Z,0
CVE-2023-50951,https://securityvulnerability.io/vulnerability/CVE-2023-50951,IBM QRadar Suite Logs Sensitive Information in Some Circumstances,IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 in some circumstances will log some sensitive information about invalid authorization attempts. IBM X-Force ID: 275747.,IBM,"Qradar Suite Software,Cloud Pak For Security",4.3,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2024-02-17T16:00:51.779Z,0
CVE-2024-22337,https://securityvulnerability.io/vulnerability/CVE-2024-22337,IBM QRadar Suite Stores Sensitive Information in Log Files,IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279977.,IBM,"QRadar Suite Software,Cloud Pak for Security",5.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-02-17T15:46:54.741Z,0
CVE-2024-22336,https://securityvulnerability.io/vulnerability/CVE-2024-22336,IBM QRadar Suite Stores Sensitive Information in Log Files,IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279976.,IBM,"QRadar Suite Software,Cloud Pak for Security",5.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-02-17T15:45:35.951Z,0
CVE-2024-22335,https://securityvulnerability.io/vulnerability/CVE-2024-22335,IBM QRadar Suite Stores Sensitive Information in Log Files,IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279975.,IBM,"QRadar Suite Software,Cloud Pak for Security",5.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-02-17T15:32:52.147Z,0
CVE-2022-36777,https://securityvulnerability.io/vulnerability/CVE-2022-36777,IBM Cloud Pak for Security information disclosure,IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.16.0 could allow an authenticated user to obtain sensitive version information that could aid in further attacks against the system. IBM X-Force ID: 233665.,IBM,"Cloud Pak For Security,Qradar Suite Software",4.3,MEDIUM,0.0008399999933317304,false,false,false,false,,false,false,2023-11-22T18:28:11.058Z,0
CVE-2023-30993,https://securityvulnerability.io/vulnerability/CVE-2023-30993,IBM Cloud Pak for Security information disclosure,IBM Cloud Pak for Security (CP4S) 1.9.0.0 through 1.9.2.0 could allow an attacker with a valid API key for one tenant to access data from another tenant's account. IBM X-Force ID: 254136.,IBM,Cloud Pak For Security,6.8,MEDIUM,0.0008299999753944576,false,false,false,false,,false,false,2023-06-27T20:15:00.000Z,0
CVE-2021-39089,https://securityvulnerability.io/vulnerability/CVE-2021-39089,IBM Cloud Pak for Security information disclosure,IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 could allow an authenticated user to obtain sensitive information from a specially crafted HTTP request. IBM X-Force ID: 216387.,IBM,Cloud Pak For Security,4.3,MEDIUM,0.0007999999797903001,false,false,false,false,,false,false,2023-01-20T18:14:59.231Z,0
CVE-2021-39011,https://securityvulnerability.io/vulnerability/CVE-2021-39011,IBM Cloud Pak for Security information disclosure,"IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.6.0 stores potentially sensitive information in log files that could be read by a privileged user. IBM X-Force ID: 213645.",IBM,Cloud Pak For Security,4.2,MEDIUM,0.0005600000149570405,false,false,false,false,,false,false,2023-01-20T18:08:10.000Z,0
CVE-2022-38385,https://securityvulnerability.io/vulnerability/CVE-2022-38385,,"IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow an authenticated user to obtain highly sensitive information or perform unauthorized actions due to improper input validation. IBM X-Force ID: 233777.",IBM,Cloud Pak For Security,7.1,HIGH,0.0007800000021234155,false,false,false,false,,false,false,2022-11-15T21:15:00.000Z,0
CVE-2022-36776,https://securityvulnerability.io/vulnerability/CVE-2022-36776,,IBM Cloud Pak for Security (CP4S) 1.10.0.0 79and 1.10.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233663.,IBM,Cloud Pak For Security,5.4,MEDIUM,0.0005000000237487257,false,false,false,false,,false,false,2022-11-11T18:44:09.367Z,0
CVE-2022-38387,https://securityvulnerability.io/vulnerability/CVE-2022-38387,,IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 233786.,IBM,Cloud Pak For Security,7.1,HIGH,0.0019199999514967203,false,false,false,false,,false,false,2022-11-11T18:16:00.169Z,0
CVE-2021-39013,https://securityvulnerability.io/vulnerability/CVE-2021-39013,,"IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the system. IBM X-Force ID: 213651.",IBM,Cloud Pak For Security,4.3,MEDIUM,0.0005600000149570405,false,false,false,false,,false,false,2021-12-22T17:15:00.000Z,0