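The following key information about the vulnerabilities can be obtained from this web page screenshot:

1. Vulnerability name: IBM Security QRadar EDR Software has multiple vulnerabilities (CVE-2024-45099, CVE-2024-45642)
2. Affected product: IBM Security QRadar EDR
3. Affected version: 3.12
4. Vulnerability description:
   - CVE-2024-45099: IBM Security ReaQta is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
   - CVE-2024-45642: IBM Security ReaQta could disclose sensitive information due to an overly permissive cross-domain policy.
5. Remediation advice:
   - IBM encourages customers to upgrade their systems as soon as possible.
   - An approval policy can be configured to control whether operators are upgraded automatically.
6. Workarounds and mitigations: None
7. Reference links:
   - Complete CVSS v3 Guide
   - On-line Calculator v3
   - IBM Secure Engineering Web Portal
   - IBM Product Security Incident Response Blog
8. Disclaimer: The CVSS scores provided by IBM are for reference only and do not guarantee the security of any particular product. Customers should assess the security of affected products themselves.

This information helps users understand the details of the vulnerabilities, the affected products and versions, the remediation advice, and the related reference resources.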