Command injection

2015-10-0402:59:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.8%

JSON

The xmlrpc.cgi Webmin script in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors.

CPENameOperatorVersion
qradar_security_information_and_event_managereq7.2.0
qradar_security_information_and_event_managereq7.2.4
qradar_security_information_and_event_managereq7.2.1
qradar_security_information_and_event_managereq7.2.2
qradar_security_information_and_event_managereq7.2.3
qradar_security_information_and_event_managereq7.1.0

Name	Operator	Version
qradar_security_information_and_event_manager	eq	7.2.0
qradar_security_information_and_event_manager	eq	7.2.4
qradar_security_information_and_event_manager	eq	7.2.1
qradar_security_information_and_event_manager	eq	7.2.2
qradar_security_information_and_event_manager	eq	7.2.3
qradar_security_information_and_event_manager	eq	7.1.0

References

www-01.ibm.com/support/docview.wss?uid=swg21965817