Miembros de
Boletines de Vulnerabilidades |
IBM Security Bulletin: IBM QRadar Incident Forensics is vulnerable to a man in the middle attack. (CVE-2015-1993) |
|
Información sobre el sistema |
|
| Software afectado | IBM |
Descripción |
|
|
Several cookies in QRadar Incident Forensics are missing the secure attribute. This allows attackers with Man in The Middle position access to steal the cookie value by tricking the victim to navigate to the site on an unencrypted connection. CVE(s): CVE-2015-1993 Affected product(s) and affected version(s): · IBM QRadar Incident Forensics 7.2.n Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: More info: https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_ibm_qradar_incident_forensics_is_vulnerable_to_a_man_in_the_middle_attack_cve_2015_1993?lang=en_us |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE | CVE-2015-1993 ,CVE-2015-1788 ,CVE-2015-1789 ,CVE-2015-1792 ,CVE-2014-8176 ,CVE-2015-1790 ,CVE-2015-1791 ,CVE-2015-4000 ,CVE-2015-2017 ,CVE-2015-1994 and CVE-2015-1995. |
Histórico de versiones |
||
| Versión | Comentario | Fecha |
| 1.0 | Advisory issued | 2015-11-05 |