CNNVD-202510-3494 Information
CNNVD ID
CNNVD-202510-3494
Related CVE
- CNNVD Published: 2025-10-27
Description (Chinese)
IBM QRadar SIEM是美国国际商业机器(IBM)公司的一套利用安全智能保护资产和信息远离高级威胁的解决方案。该方案提供对整个IT架构范围进行监督、生成详细的数据访问和用户活动报告等功能。 IBM QRadar SIEM 7.5版本至7.5.0 Update Pack 13 Independent Fix 02版本存在跨站脚本漏洞,该漏洞源于允许经过身份验证的用户在Web UI中嵌入任意JavaScript代码,可能导致存储型跨站脚本攻击和凭据泄露。
Description (English)
IBM QRadar SIEM is a solution for the United States International Business Machine (IBM) to use security intelligence to protect assets and information from advanced threats. The programme provides functions such as monitoring the entire IT architecture, generating detailed data access and user activity reports. IBM QRadar SIEM 7.5 to 7.5.0 Update Pack 13 Independent Fix 02 has a cross-site script loophole, which stems from allowing any JavaScript code to be embedded in Web UI by an identified user, which could lead to storage-type cross-station script attacks and leaks.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
国际商业机器
Published
2025-10-27
Last Modified
2026-02-24
References
https://www.ibm.com/support/pages/node/7249278 https://vigilance.fr/vulnerability/IBM-QRadar-SIEM-Cross-Site-Scripting-via-Web-UI-48592 https://access.redhat.com/security/cve/cve-2025-36170
Patch
https://www.ibm.com/support/pages/node/7249278
Share on: