VIR Vulnerability Intelligence Relay

CVE-2016-9726

high
Published 2017-03-07 · Modified 2026-05-13
CVSS v3
8.8
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v2
9.0
VIR risk
8.8

Description

IBM QRadar Incident Forensics 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM Reference #: 1999542.

Predictions

Exploit likelihood
92%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: psirt@us.ibm.com — http://www.ibm.com/support/docview.wss?uid=swg21999542

Application impact
VendorProductVersionsFixed
ibmqradar_incident_forensics7.2.0
ibmqradar_incident_forensics7.2.1
ibmqradar_incident_forensics7.2.2
ibmqradar_incident_forensics7.2.3
ibmqradar_incident_forensics7.2.4
ibmqradar_incident_forensics7.2.5
ibmqradar_incident_forensics7.2.6
ibmqradar_incident_forensics7.2.7
ibmqradar_incident_forensics7.2.8
ibmqradar_security_information_and_event_manager7.2.0
ibmqradar_security_information_and_event_manager7.2.1
ibmqradar_security_information_and_event_manager7.2.2
ibmqradar_security_information_and_event_manager7.2.3
ibmqradar_security_information_and_event_manager7.2.4
ibmqradar_security_information_and_event_manager7.2.5
ibmqradar_security_information_and_event_manager7.2.6
ibmqradar_security_information_and_event_manager7.2.7
ibmqradar_security_information_and_event_manager7.2.8

References

CWEs

CWE-20

Verify integrity in audit chain (admin only). AS-IS.