Products
IBM QRadar Suite Software
- 1.10.12.0
- 1.10.19.0
IBM Cloud Pak for Security
- 1.10.0.0
- 1.10.11.0
Source
psirt@us.ibm.com
Tags
CVE-2023-47731 details
Last Modified : April 23, 2024, 1:15 p.m.
Description
IBM QRadar Suite Software 1.10.12.0 through 1.10.19.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 272203.
CVSS Score
1 | 2 | 3 | 4 | 5.4 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
Base Score
5.4
Exploitability Score
Impact Score
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
References
URL | Source |
---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/272203 | psirt@us.ibm.com |
https://https://www.ibm.com/support/pages/node/7148994 | psirt@us.ibm.com |