IBM Security Information and Event Manager HTML Injection Vulnerabilities
11 Mar. 2016
Summary
Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.6 allows remote authenticated users to inject arbitrary web script or HTML.
Vulnerable Systems:
* IBM Security QRadar SIEM 7.2.x before 7.2.6
Immune Systems:
* IBM Security QRadar SIEM 7.2.x after 7.2.6
IBM QRadar Security Information and Event Manager is prone to an HTML-injection vulnerability. A successful exploit results in the execution of arbitrary attacker-supplied HTML and script code in the context of the affected application, potentially allowing the attacker to steal cookie-based authentication credentials or control how the page is rendered to the user. Other attacks are also possible.