Vulnerabilities found in both QRadar SIEM and Incident Forensics allow for path traversal via improperly handled parameters.
CVE-ID: CVE-2016-2872 **
Description:IBM QRadar could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to view arbitrary files on the system. **
CVSS Base Score: 5.3**
CVSS Temporal Score:** See https://exchange.xforce.ibmcloud.com/vulnerabilities/112808 for the current score**
CVSS Environmental Score:** Undefined*
CVSS Vector:** CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
ยท IBM QRadar SIEM 7.2.n
ยท IBM QRadar Incident Forensics 7.2.n
ยท QRadar / QRM / QVM / QRIF 7.2.7
None