CVE-2014-4829 - Vulnerability Details

Vendors	Products
Ibm	Qradar Risk Manager Qradar Security Information And Event Manager Qradar Vulnerability Manager

Link	Providers
http://www-01.ibm.com/support/docview.wss?uid=swg21691211
https://exchange.xforce.ibmcloud.com/vulnerabilities/95579

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-11-25T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "shortName": "ibm"}, "references": [{"name": "ibm-qradar-cve20144829-csrf(95579)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95579"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21691211"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@us.ibm.com", "ID": "CVE-2014-4829", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ibm-qradar-cve20144829-csrf(95579)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95579"}, {"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21691211", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21691211"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T11:27:36.904Z"}, "title": "CVE Program Container", "references": [{"name": "ibm-qradar-cve20144829-csrf(95579)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95579"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21691211"}]}]}, "cveMetadata": {"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", "assignerShortName": "ibm", "cveId": "CVE-2014-4829", "datePublished": "2014-11-28T02:00:00", "dateReserved": "2014-07-09T00:00:00", "dateUpdated": "2024-08-06T11:27:36.904Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2014-11-25T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-08-28T12:57:01 (string)

orgId : 9a959283-ebb5-44b6-b705-dcc2bbced522 (string)

shortName : ibm (string)

}

references : [ »

0 : { »

name : ibm-qradar-cve20144829-csrf(95579) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/95579 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21691211 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : psirt@us.ibm.com (string)

ID : CVE-2014-4829 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : ibm-qradar-cve20144829-csrf(95579) (string)

refsource : XF (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/95579 (string)

}

1 : { »

name : http://www-01.ibm.com/support/docview.wss?uid=swg21691211 (string)

refsource : CONFIRM (string)

url : http://www-01.ibm.com/support/docview.wss?uid=swg21691211 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T11:27:36.904Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : ibm-qradar-cve20144829-csrf(95579) (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_XF (string)

2 : x_transferred (string)

]

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/95579 (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21691211 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 9a959283-ebb5-44b6-b705-dcc2bbced522 (string)

assignerShortName : ibm (string)

cveId : CVE-2014-4829 (string)

datePublished : 2014-11-28T02:00:00 (string)

dateReserved : 2014-07-09T00:00:00 (string)

dateUpdated : 2024-08-06T11:27:36.904Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "4975223D-9E31-4CEC-A4B6-C0996828B855", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "22E0F4A7-B8BD-42D1-92DB-2B510FFC9C36", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "C15C820B-4778-4B8F-8BD8-E996F1D4062D", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "A42E70EE-2E23-4D92-ADE0-9177B9EDD430", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "01C91446-4A36-4FCE-A973-3E6F813FABC9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3C062C89-5DC2-46EE-A9D3-23E7539A5DAF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "7C137959-2279-4459-8A10-43AFE09E2641", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "39D53329-E729-43C1-8C67-EFA4C3F7BFBC", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "9FC4EDCA-DF37-4366-B944-F342FA55EEFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "09D0DA15-7DC3-4B1E-9CD9-EFC7FE4C0FEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "76CA942D-70AD-4E0D-A28E-443FB7140A54", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ibm:qradar_risk_manager:7.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0E476AEB-AD38-4033-8426-DC502497D75A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:qradar_risk_manager:7.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "EB7DFDBB-6C8C-44AC-96CD-F6393320AB87", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:qradar_risk_manager:7.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "A7D2CE0E-0A79-4DC7-AD7A-B79A5E613102", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:qradar_risk_manager:7.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "8A98ADDC-9615-4F5D-893D-E810ABD95042", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:qradar_risk_manager:7.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "A70602BE-5069-44FA-B449-93637F5F89B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:ibm:qradar_risk_manager:7.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "A54D93A6-9639-43CA-8CC4-F98FE8067648", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."}, {"lang": "es", "value": "Vulnerabilidad de CSRF en IBM Security QRadar SIEM and QRadar Risk Manager 7.1 anterior a MR2 Patch 9 y 7.2 anterior a 7.2.4 Patch 1, y QRadar Vulnerability Manager 7.2 anterior a 7.2.4 Patch 1, permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios arbitrarios para solicitudes que insertan secuencias de XSS."}], "id": "CVE-2014-4829", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-11-28T02:59:01.270", "references": [{"source": "psirt@us.ibm.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21691211"}, {"source": "psirt@us.ibm.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95579"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21691211"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95579"}], "sourceIdentifier": "psirt@us.ibm.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 4975223D-9E31-4CEC-A4B6-C0996828B855 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 22E0F4A7-B8BD-42D1-92DB-2B510FFC9C36 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.2:*:*:*:*:*:*:* (string)

matchCriteriaId : C15C820B-4778-4B8F-8BD8-E996F1D4062D (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.3:*:*:*:*:*:*:* (string)

matchCriteriaId : A42E70EE-2E23-4D92-ADE0-9177B9EDD430 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:ibm:qradar_vulnerability_manager:7.2.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 01C91446-4A36-4FCE-A973-3E6F813FABC9 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 3C062C89-5DC2-46EE-A9D3-23E7539A5DAF (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 7C137959-2279-4459-8A10-43AFE09E2641 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 39D53329-E729-43C1-8C67-EFA4C3F7BFBC (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 9FC4EDCA-DF37-4366-B944-F342FA55EEFD (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 09D0DA15-7DC3-4B1E-9CD9-EFC7FE4C0FEA (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 76CA942D-70AD-4E0D-A28E-443FB7140A54 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:ibm:qradar_risk_manager:7.1.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 0E476AEB-AD38-4033-8426-DC502497D75A (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:ibm:qradar_risk_manager:7.2.0:*:*:*:*:*:*:* (string)

matchCriteriaId : EB7DFDBB-6C8C-44AC-96CD-F6393320AB87 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:ibm:qradar_risk_manager:7.2.1:*:*:*:*:*:*:* (string)

matchCriteriaId : A7D2CE0E-0A79-4DC7-AD7A-B79A5E613102 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:ibm:qradar_risk_manager:7.2.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 8A98ADDC-9615-4F5D-893D-E810ABD95042 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:ibm:qradar_risk_manager:7.2.3:*:*:*:*:*:*:* (string)

matchCriteriaId : A70602BE-5069-44FA-B449-93637F5F89B0 (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:ibm:qradar_risk_manager:7.2.4:*:*:*:*:*:*:* (string)

matchCriteriaId : A54D93A6-9639-43CA-8CC4-F98FE8067648 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch 9 and 7.2 before 7.2.4 Patch 1, and QRadar Vulnerability Manager 7.2 before 7.2.4 Patch 1, allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. (string)

}

1 : { »

lang : es (string)

value : Vulnerabilidad de CSRF en IBM Security QRadar SIEM and QRadar Risk Manager 7.1 anterior a MR2 Patch 9 y 7.2 anterior a 7.2.4 Patch 1, y QRadar Vulnerability Manager 7.2 anterior a 7.2.4 Patch 1, permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios para solicitudes que insertan secuencias de XSS. (string)

}

]

id : CVE-2014-4829 (string)

lastModified : 2025-04-12T10:46:40.837 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 6.8 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2014-11-28T02:59:01.270 (string)

references : [ »

0 : { »

source : psirt@us.ibm.com (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21691211 (string)

}

1 : { »

source : psirt@us.ibm.com (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/95579 (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Vendor Advisory (string)

]

url : http://www-01.ibm.com/support/docview.wss?uid=swg21691211 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://exchange.xforce.ibmcloud.com/vulnerabilities/95579 (string)

}

]

sourceIdentifier : psirt@us.ibm.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-352 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object