ByteOS Network

NVD Vulnerability Details :

CVE-2014-4830

Modified

Source-psirt@us.ibm.com

Published At-19 Oct, 2014 | 01:55

Updated At-06 May, 2026 | 22:30

IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N

Type: Primary

Version: 2.0

Base score: 4.3

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:P/I:N/A:N

CPE Matches

IBM Corporation

>>qradar_security_information_and_event_manager>>7.1.0

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.0:*:*:*:*:*:*:*

IBM Corporation

>>qradar_security_information_and_event_manager>>7.2.0

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-264	Primary	nvd@nist.gov

CWE ID: CWE-264

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www-01.ibm.com/support/docview.wss?uid=swg21686478	psirt@us.ibm.com	Vendor Advisory
http://www.securityfocus.com/bid/71077	psirt@us.ibm.com	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/95580	psirt@us.ibm.com	N/A
http://www-01.ibm.com/support/docview.wss?uid=swg21686478	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://www.securityfocus.com/bid/71077	af854a3a-2127-422b-91ae-364da2661108	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/95580	af854a3a-2127-422b-91ae-364da2661108	N/A