Lucene search

IbmCVE-2017-1695

HistoryFeb 15, 2019 - 8:29 p.m.

CVE-2017-1695

2019-02-1520:29:00

CWE-326

ibm

web.nvd.nist.gov

ibm

qradar

siem

7.2

7.3

vulnerability

weak cryptographic algorithms

nvd

cve-2017-1695

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

51.1%

JSON

IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134177.

Affected configurations

Nvd

Vulners

Node

ibmqradar_security_information_and_event_managerRange7.2.0–7.2.8

ibmqradar_security_information_and_event_managerRange7.3.0–7.3.1

ibmqradar_security_information_and_event_managerMatch7.2.8-

ibmqradar_security_information_and_event_managerMatch7.2.8p1

ibmqradar_security_information_and_event_managerMatch7.2.8p10

ibmqradar_security_information_and_event_managerMatch7.2.8p11

ibmqradar_security_information_and_event_managerMatch7.2.8p2

ibmqradar_security_information_and_event_managerMatch7.2.8p3

ibmqradar_security_information_and_event_managerMatch7.2.8p4

ibmqradar_security_information_and_event_managerMatch7.2.8p5

ibmqradar_security_information_and_event_managerMatch7.2.8p6

ibmqradar_security_information_and_event_managerMatch7.2.8p7

ibmqradar_security_information_and_event_managerMatch7.2.8p8

ibmqradar_security_information_and_event_managerMatch7.2.8p9

ibmqradar_security_information_and_event_managerMatch7.3.1-

ibmqradar_security_information_and_event_managerMatch7.3.1p1

ibmqradar_security_information_and_event_managerMatch7.3.1p2

ibmqradar_security_information_and_event_managerMatch7.3.1p3

ibmqradar_security_information_and_event_managerMatch7.3.1p4

VendorProductVersionCPE
ibmqradar_security_information_and_event_manager*cpe:2.3:a:ibm:qradar_security_information_and_event_manager:*:*:*:*:*:*:*:*
ibmqradar_security_information_and_event_manager7.2.8cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:-:*:*:*:*:*:*
ibmqradar_security_information_and_event_manager7.2.8cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p1:*:*:*:*:*:*
ibmqradar_security_information_and_event_manager7.2.8cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p10:*:*:*:*:*:*
ibmqradar_security_information_and_event_manager7.2.8cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p11:*:*:*:*:*:*
ibmqradar_security_information_and_event_manager7.2.8cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p2:*:*:*:*:*:*
ibmqradar_security_information_and_event_manager7.2.8cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p3:*:*:*:*:*:*
ibmqradar_security_information_and_event_manager7.2.8cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p4:*:*:*:*:*:*
ibmqradar_security_information_and_event_manager7.2.8cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p5:*:*:*:*:*:*
ibmqradar_security_information_and_event_manager7.2.8cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p6:*:*:*:*:*:*

Vendor	Product	Version	CPE
ibm	qradar_security_information_and_event_manager	*	cpe:2.3:a:ibm:qradar_security_information_and_event_manager::::::::
ibm	qradar_security_information_and_event_manager	7.2.8	cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:-::::::
ibm	qradar_security_information_and_event_manager	7.2.8	cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p1::::::
ibm	qradar_security_information_and_event_manager	7.2.8	cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p10::::::
ibm	qradar_security_information_and_event_manager	7.2.8	cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p11::::::
ibm	qradar_security_information_and_event_manager	7.2.8	cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p2::::::
ibm	qradar_security_information_and_event_manager	7.2.8	cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p3::::::
ibm	qradar_security_information_and_event_manager	7.2.8	cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p4::::::
ibm	qradar_security_information_and_event_manager	7.2.8	cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p5::::::
ibm	qradar_security_information_and_event_manager	7.2.8	cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:p6::::::

Rows per page:

1-10 of 181

CNA Affected

[
  {
    "product": "QRadar SIEM",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "7.2"
      },
      {
        "status": "affected",
        "version": "7.3"
      }
    ]
  }
]

References

www.securityfocus.com/bid/107060

exchange.xforce.ibmcloud.com/vulnerabilities/134177

www.ibm.com/support/docview.wss?uid=ibm10719107

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

51.1%

JSON

Related for CVE-2017-1695