Key vulnerability information

CVE ID: CVE-2016-9725

Description: IBM QRadar Incident Forensics is affected by overly permissive Cross-Origin Resource Sharing (CORS) access policies. This allows web sites to request resources from external sites, which can lead to security vulnerabilities.

CVSS Base Score: 5.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/119741 for the current score.
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions: IBM QRadar SIEM 7.2.n
Remediation/Fixes: IBM QRadar/ORM/QVM/QRIF 7.2.8 Patch 4
Workarounds and Mitigations: None

Acknowledgement: IBM X-Force Ethical Hacking Team: Paul Ionescu, Warren Moynihan, Jonathan Fitz-Gerald, John Zuccato, Rodney Ryan, Chris Shepherd, Dmitriy Beryoza

Document Information:
Software version: 7.2
Operating system(s): Linux
Document number: 293063
Modified date: 16 June 2018