Lucene search

[email protected]CVE-2014-0838

HistoryJan 30, 2014 - 5:17 a.m.

CVE-2014-0838

2014-01-3005:17:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2014-0838

autoupdate package

ibm security qradar siem

remote attackers

arbitrary console commands

security vulnerability

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

79.1%

JSON

The AutoUpdate package before 6.4 for IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to execute arbitrary console commands by leveraging control of the server.

CPENameOperatorVersion
ibm:qradar_security_information_and_event_manageribm qradar security information and event managerle7.2.0

CPE	Name	Operator	Version
ibm:qradar_security_information_and_event_manager	ibm qradar security information and event manager	le	7.2.0

References

osvdb.org/102553

www-01.ibm.com/support/docview.wss?uid=swg21663066

www.securityfocus.com/bid/65127

exchange.xforce.ibmcloud.com/vulnerabilities/90681

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.006 Low

EPSS

Percentile

79.1%

JSON

Related for CVE-2014-0838

prion1 cvelist1 ibm1