History: Jun 16, 2018 - 9:44 p.m.

Security Bulletin: IBM QRadar SIEM and Incident Forensics relies on an untrusted input. (CVE-2016-2881)

2018-06-16 21:44:56
www.ibm.com

EPSS

0.002

Percentile

54.2%

Summary

The application uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.

Vulnerability Details

CVE-ID: CVE-2016-2881
Description: IBM QRadar and Incident Forensics could allow a remote attacker to bypass security and gain access to application functionality by manipulating request parameters.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112860 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products and Versions

· IBM QRadar SIEM 7.2.n

· IBM QRadar SIEM 7.1.n

· IBM QRadar Incident Forensics 7.2.n

Remediation/Fixes

· QRadar / QRM / QVM / QRIF 7.2.7

· IBM QRadar SIEM 7.1 MR2 Patch 13
