The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal and is vulnerable to improper validation of input.
**IBM X-Force ID:**177835
**DESCRIPTION:**Apache Commons Codec could allow a remote attacker to obtain sensitive information, caused by the improper validation of input. An attacker could exploit this vulnerability using a method call to obtain sensitive information.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/177835 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM QRadar SIEM | 7.5 - 7.5.0 UP8 |
Product | Version | Fix |
---|---|---|
IBM QRadar SIEM | 7.5.0 | 7.5.0 QRadar Protocol ArielRESTAPI |
Please be aware that these updates are available via Auto Update if you have it enabled.
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | qradar_network_security | 7.5 | cpe:2.3:a:ibm:qradar_network_security:7.5:*:*:*:*:*:*:* |