IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 places session IDs in https URLs, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
http://www-01.ibm.com/support/docview.wss?uid=swg21968269 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: ibm
Published: 2015-11-08T22:00:00
Updated: 2024-08-06T05:02:43.068Z
Reserved: 2015-02-19T00:00:00
Link: CVE-2015-1999
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2015-11-08T22:59:07.950
Modified: 2015-11-09T19:10:22.453
Link: CVE-2015-1999
Redhat
No data.