Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-33860 | 1 Ibm | 1 Security Qradar Edr | 2024-08-02 | N/A | 5.3 MEDIUM |
| IBM Security QRadar EDR 3.12 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 257702. | |||||
| CVE-2023-35006 | 1 Ibm | 1 Security Qradar Edr | 2024-08-02 | N/A | 5.4 MEDIUM |
| IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 297165. | |||||
| CVE-2023-33859 | 1 Ibm | 1 Security Qradar Edr | 2024-07-31 | N/A | 5.3 MEDIUM |
| IBM Security QRadar EDR 3.12 could disclose sensitive information due to an observable login response discrepancy. IBM X-Force ID: 257697. | |||||