User-supplied data may be passed to a system shell. Attackers could execute arbitrary commands on the system.
CVEID: CVE-2018-1571
**Description:**IBM QRadar could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
**CVSS Base Score:**8.80
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/143121> for the current score
**CVSS Environmental Score:***Undefined
**CVSS Vector:**CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
IBM QRadar SIEM 7.3.0 to 7.3.1 Patch 4
IBM QRadar SIEM 7.2.0 to 7.2.8 Patch 13
QRadar / QRM / QVM / QRIF / QNI 7.3.1 Patch 5
QRadar / QRM / QVM / QRIF / QNI 7.2.8 Patch 13 Interim Fix 1
NOTE: QRadar administrators who want to install 7.2.8 Patch 13 Interim Fix 1 should be aware that you must first be at QRadar 7.2.8 Patch 13 before you can update to Interim Fix 1. Interim fixes can only be applied to a specific patch level and you might be required to update to a minimum version before you can install an interim fix to your QRadar deployment. For a full list of QRadar software, see: <https://ibm.biz/qradarsoftware>.
None