IBM QRadar Incident Forensics uses insecure functions such as eval that execute code from a string and as such is vulnerable to remote code execution attacks.
CVEID: CVE-2017-1721**
DESCRIPTION:** IBM QRadar could allow an unauthenticated user to execute code remotely with lower level privileges under unusual circumstances.
CVSS Base Score: 5.6
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/134810> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
IBM QRadar SIEM 7.3.0 to 7.3.0 Patch 7
IBM QRadar SIEM 7.2.8 to 7.2.8 Patch 11
QRadar / QRM / QVM / QRIF / QNI 7.3.1 Patch 3
QRadar / QRM / QVM / QRIF / QNI 7.2.8 Patch 12
None