IBM Security QRadar Vulnerability Manager Cross-Site Request Forgery Vulnerabilities
17 Feb. 2016
Summary
Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar Vulnerability Manager 7.2.x before 7.2.5 Patch 5 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Vulnerable Systems:
* IBM Security QRadar Vulnerability Manager 7.2.x before 7.2.5 Patch 5
Immune Systems:
* IBM Security QRadar Vulnerability Manager 7.2.x after 7.2.5 Patch 5
IBM QRadar Vulnerability Manager is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.