2 matches found
Security Bulletin: IBM QRadar SIEM is vulnerable to untrusted XML External Entity uploads. (CVE-2016-2868)
Summary XML External Entity injection in the UI of QRadar allows someone with privileges to upload unvalidated XML. Vulnerability Details CVE-ID: CVE-2016-2868 Description: IBM QRadar could allow a remote attacker with administrator privileges to obtain sensitive information, caused by an error...
CVE-2016-2868
IBM QRadar SIEM 7.2.x before 7.2.7 is affected by CVE-2016-2868 due to an XML External Entity (XXE) vulnerability in how XML data is processed. An attacker with administrator privileges can cause QRadar to read arbitrary files by sending specially crafted XML, exposing sensitive information. The ...