CVE-2016-2874
low
CVSS v3
3.1
CVSS v2
3.5
VIR risk
3.1
Description
IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 mishandles authorization, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
Predictions
Exploit likelihood
42%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@us.ibm.com — http://www-01.ibm.com/support/docview.wss?uid=swg21987771
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| ibm | qradar_security_information_and_event_manager | {"endIncluding":"7.1.0"} | |
| ibm | qradar_security_information_and_event_manager | 7.2.0 | |
| ibm | qradar_security_information_and_event_manager | 7.2.1 | |
| ibm | qradar_security_information_and_event_manager | 7.2.2 | |
| ibm | qradar_security_information_and_event_manager | 7.2.3 | |
| ibm | qradar_security_information_and_event_manager | 7.2.4 | |
| ibm | qradar_security_information_and_event_manager | 7.2.5 | |
| ibm | qradar_security_information_and_event_manager | 7.2.6 | |
References
CWEs
CWE-284
Verify integrity in audit chain (admin only). AS-IS.