Exposing SSH private keys allows potential attackers to escalate privileges from console admin to root.
VULNERABILITY DETAILS **
CVE-ID:CVE-2015-2008 **
Description:IBM QRadar SIEM stores private SSH keys in the backup which could allow a user with administrator access to gain sensitive information for use in future attacks. **
CVSS Base Score: 3.5
CVSS Temporal Score:** See https://exchange.xforce.ibmcloud.com/vulnerabilities/103920 for the current score**
CVSS Environmental Score:** Undefined*
CVSS Vector:** AV:N/AC:M/Au:S/C:P/I:N/A:N
ยท IBM QRadar SIEM 7.2.n
ยท IBM QRadar SIEM 7.1.n
ยท IBM QRadar SIEM 7.2.6
ยท IBM QRadar SIEM 7.1 MR2 Patch 12
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm security qradar siem | eq | 7.1 | |
ibm security qradar siem | eq | 7.2 |