Security Bulletin: IBM QRadar SIEM and QRadar Incident Forensics are vulnerable to OS command injection (CVE-2016-9726, CVE-2016-9727)
Summary: IBM QRadar SIEM and Incident Forensics may pass unsafe user-supplied data (forms, cookies, HTTP headers, etc.) to a system shell. This could allow attackers to execute arbitrary commands on the system. IBM has addressed this issue. Vulnerability Details: CVEID: CVE-2016-9726 DESCRIPTION: IBM...
CVE-2016-9727
IBM QRadar 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM Reference: 1999542...