Vulnerability Name: CVE-2014-6075 (CCN-95727)
Assigned: 2014-11-25
Published: 2014-11-25
Updated: 2017-09-08
Summary: IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, place credentials in URLs, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
CVSS v3 Severity: 2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N)
  Exploitability Metrics:
    Attack Vector (AV): Network
    Attack Complexity (AC): High
    Privileges Required (PR): Low
    User Interaction (UI): Required
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): Low
    Integrity (I): None
    Availability (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): None
    Availability (A): None
3.5 Low (CCN CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N)
2.6 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): Single_Instance
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): None
    Availability (A): None
Vulnerability Type: CWE-200
Vulnerability Consequences: Obtain Information
References:
  Source: MITRE Type: CNA
    CVE-2014-6075
  Source: CCN Type: IBM Security Bulletin 1691211
    Multiple vulnerabilities found in IBM QRadar SIEM and QRadar Risk Manager (CVE-2014-4832, CVE-2014-4831, CVE-2014-4829, CVE-2014-4829, CVE-2014-6075)
  Source: CONFIRM Type: Patch, Vendor Advisory
    http://www-01.ibm.com/support/docview.wss?uid=swg21691211
  Source: CCN Type: BID-71345
    IBM Qradar Risk Manager CVE-2014-6075 Information Disclosure Vulnerability
  Source: XF Type: UNKNOWN
    ibm-qrm-cve20146075-info-disc(95727)
  Source: XF Type: UNKNOWN
    ibm-qradar-cve20146075-info-disc(95727)
Vulnerable Configuration:
  Configuration 1:
    cpe:/a:ibm:qradar_risk_manager:7.1.0:*:*:*:*:*:*:* OR
    cpe:/a:ibm:qradar_risk_manager:7.2.0:*:*:*:*:*:*:* OR
    cpe:/a:ibm:qradar_risk_manager:7.2.1:*:*:*:*:*:*:* OR
    cpe:/a:ibm:qradar_risk_manager:7.2.2:*:*:*:*:*:*:* OR
    cpe:/a:ibm:qradar_risk_manager:7.2.3:*:*:*:*:*:*:* OR
    cpe:/a:ibm:qradar_risk_manager:7.2.4:*:*:*:*:*:*:*
  Configuration 2:
    cpe:/a:ibm:qradar_vulnerability_manager:7.2.0:*:*:*:*:*:*:* OR
    cpe:/a:ibm:qradar_vulnerability_manager:7.2.1:*:*:*:*:*:*:* OR
    cpe:/a:ibm:qradar_vulnerability_manager:7.2.2:*:*:*:*:*:*:* OR
    cpe:/a:ibm:qradar_vulnerability_manager:7.2.3:*:*:*:*:*:*:* OR
    cpe:/a:ibm:qradar_vulnerability_manager:7.2.4:*:*:*:*:*:*:*
  Configuration 3:
    cpe:/a:ibm:qradar_security_information_and_event_manager:7.1.0:*:*:*:*:*:*:* OR
    cpe:/a:ibm:qradar_security_information_and_event_manager:7.2.0:-:*:*:*:*:*:* OR
    cpe:/a:ibm:qradar_security_information_and_event_manager:7.2.1:-:*:*:*:*:*:* OR
    cpe:/a:ibm:qradar_security_information_and_event_manager:7.2.2:-:*:*:*:*:*:* OR
    cpe:/a:ibm:qradar_security_information_and_event_manager:7.2.3:-:*:*:*:*:*:* OR
    cpe:/a:ibm:qradar_security_information_and_event_manager:7.2.4:-:*:*:*:*:*:*
ibm qradar risk manager 7.1.0
ibm qradar risk manager 7.2.0
ibm qradar risk manager 7.2.1
ibm qradar risk manager 7.2.2
ibm qradar risk manager 7.2.3
ibm qradar risk manager 7.2.4
ibm qradar vulnerability manager 7.2.0
ibm qradar vulnerability manager 7.2.1
ibm qradar vulnerability manager 7.2.2
ibm qradar vulnerability manager 7.2.3
ibm qradar vulnerability manager 7.2.4
ibm qradar security information and event manager 7.1.0
ibm qradar security information and event manager 7.2.0
ibm qradar security information and event manager 7.2.1
ibm qradar security information and event manager 7.2.2
ibm qradar security information and event manager 7.2.3
ibm qradar security information and event manager 7.2.4