Xxe

2021-05-0516:15:00

PRIOn knowledge base

www.prio-n.com

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

47.0%

JSON

IBM QRadar SIEM 7.3 and 7.4 may vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 193245.

CPENameOperatorVersion
qradar_security_information_and_event_managerge7.3.0
qradar_security_information_and_event_managerlt7.3.3
qradar_security_information_and_event_managereq7.3.3
qradar_security_information_and_event_managereq7.4.2
qradar_security_information_and_event_managereq7.4.2 fixpack1
qradar_security_information_and_event_managereq7.4.2 fixpack2
qradar_security_information_and_event_managereq7.3.3 fixpack1
qradar_security_information_and_event_managereq7.3.3 fixpack2
qradar_security_information_and_event_managereq7.3.3 fixpack3
qradar_security_information_and_event_managereq7.3.3 fixpack4

Name	Operator	Version
qradar_security_information_and_event_manager	ge	7.3.0
qradar_security_information_and_event_manager	lt	7.3.3
qradar_security_information_and_event_manager	eq	7.3.3
qradar_security_information_and_event_manager	eq	7.4.2
qradar_security_information_and_event_manager	eq	7.4.2 fixpack1
qradar_security_information_and_event_manager	eq	7.4.2 fixpack2
qradar_security_information_and_event_manager	eq	7.3.3 fixpack1
qradar_security_information_and_event_manager	eq	7.3.3 fixpack2
qradar_security_information_and_event_manager	eq	7.3.3 fixpack3
qradar_security_information_and_event_manager	eq	7.3.3 fixpack4