Ibm Qradar
17 CVEs affecting Ibm Qradar. Latest disclosed: 2026-05-27. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-4270 | High | 8.4 | 2020-04-15 | IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a local user to gain escalated privileges due to weak file permissions. IBM X-ForceID: 175846. |
CVE-2020-4269 | High | 7.5 | 2020-04-15 | IBM QRadar 7.3.0 to 7.3.3 Patch 2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, o… |
CVE-2024-56462 | High | 7.2 | 2026-05-27 | IBM QRadar 7.5.0 through 7.5.0 UP15 Interim Fix 002 could allow a privileged user to upload a malicious backup archive that could be restored and used to gain… |
CVE-2020-4294 | Medium | 6.3 | 2020-04-15 | IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests f… |
CVE-2020-4271 | Medium | 6.3 | 2020-04-15 | IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to send a specially crafted command which would be executed as a lower privileged user. IBM… |
CVE-2019-4581 | Medium | 6.1 | 2019-11-09 | IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus… |
CVE-2019-4594 | Medium | 5.9 | 2020-04-15 | IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport… |
CVE-2020-4272 | Medium | 5.5 | 2020-04-15 | IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted request specify a… |
CVE-2020-4274 | Medium | 5.4 | 2020-04-15 | IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to access data and perform unauthorized actions due to inadequate permission checks. IBM X-… |
CVE-2020-4268 | Medium | 5.4 | 2020-04-15 | IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus… |
CVE-2019-4470 | Medium | 5.4 | 2019-11-09 | IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus… |
CVE-2019-4454 | Medium | 5.4 | 2019-11-09 | IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus… |
CVE-2020-4980 | Medium | 5.3 | 2021-07-16 | IBM QRadar SIEM 7.3 and 7.4 uses less secure methods for protecting data in transit between hosts when encrypt host connections is not enabled as well as data… |
CVE-2025-13995 | Medium | 5.0 | 2026-03-19 | IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 could allow an attacker with access to one tenant to access hostname data from another tenant's account. |
CVE-2019-4593 | Medium | 4.3 | 2020-04-15 | IBM QRadar 7.3.0 to 7.3.3 Patch 2 generates an error message that includes sensitive information that could be used in further attacks against the system. IBM… |
CVE-2019-4509 | Medium | 4.3 | 2019-11-09 | IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to incorrect authorization in some components which could allow an authenticated user to obtain sensitive infor… |
CVE-2019-4654 | Low | 3.7 | 2020-04-15 | IBM QRadar 7.3.0 to 7.3.3 Patch 2 does not validate, or incorrectly validates, a certificate which could allow an attacker to spoof a trusted entity by using a… |