NVD

Id
33672  
Name
CVE-2014-6075  
Description
IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, place credentials in URLs, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:N/A:N)  
Pub Date
2017-01-19  
Published
2014-11-27  
Modified Date
2014-11-28  
Seq
2014-6075  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
174945 33672 CVE-2014-6075 http://www-01.ibm.com/support/docview.wss?uid=swg21691211  View
174946 33672 CVE-2014-6075 ibm-qradar-cve20146075-info-disc(95727)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
16809 JVNDB-2014-005684 複数の IBM Security QRadar 製品における重要な情報を取得される脆弱性 IBM Security QRadar SIEM、QRadar Risk Manager、および QRadar Vulnerability Manager は、資格情報を URL 内に配置するため、重要な情報を取得される脆弱性が存在します。 CVE-2014-6075 73366 CVE-2014-6075 33672 5 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-005684.html 2014-11-25 2014-12-01 View