History: Jun 16, 2018 - 9:43 p.m.

Security Bulletin: IBM QRadar SIEM is vulnerable to untrusted XML External Entity uploads. (CVE-2016-2868)

2018-06-16 21:43:51
www.ibm.com
EPSS: 0.001 (Percentile: 32.3%)

Summary

XML External Entity injection in the UI of QRadar allows someone with privileges to upload unvalidated XML.

Vulnerability Details

CVE-ID: CVE-2016-2868
Description: IBM QRadar could allow a remote attacker with administrator privileges to obtain sensitive information, caused by an error when processing XML external entities. By sending specially-crafted XML data, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base Score: 2.7
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/112765 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Affected Products and Versions

  • IBM QRadar SIEM 7.2.n

Remediation/Fixes

Workarounds and Mitigations

None
