CVE-2015-2009
Last modified
CVE-2015-2009 is a vulnerability of currently unknown severity. Cross-site request forgery (CSRF) vulnerability in the xmlrpc.cgi service in IBM QRadar SIEM 7.1 before MR2 Patch 11 Interim Fix 02 and 7.2.x before 7.2.5 Patch 4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences via vectors related to webmin. IBM X-Force ID: 103921.. EPSS estimates a 0.55% chance of exploitation in the next 30 days.
Description
Cross-site request forgery (CSRF) vulnerability in the xmlrpc.cgi service in IBM QRadar SIEM 7.1 before MR2 Patch 11 Interim Fix 02 and 7.2.x before 7.2.5 Patch 4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences via vectors related to webmin. IBM X-Force ID: 103921.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Ibm | Qradar Security Information And Event Manager | >= 7.2.0, < 7.2.5 | — |
| Ibm | Qradar Security Information And Event Manager | 7.1.0 | — |
| Ibm | Qradar Security Information And Event Manager | 7.2.5 | Patch1 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-2009?
How severe is CVE-2015-2009?
How do I fix CVE-2015-2009?
Are you affected by CVE-2015-2009?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST