May 17, 2021
Severity
Medium
Analysis Summary
CVE-2021-20391
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 allows web pages to be stored locally which can be read by another user on the system.
CVE-2021-20429
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose sensitive information due to an overly permissive cross-domain policy.
CVE-2021-20393
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
Impact
Obtain Information
Affected Vendors
IBM
Affected Products
- IBM QRadar SIEM 1.0.0
- IBM QRadar SIEM 4.1.1
Remediation
Refer to IBM Security Bulletin 6453103 for patch, upgrade or suggested workaround information.