XML External Entity Vulnerability in IBM Security QRadar SIEM
CVE-2016-2868
2.7LOW
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 2 July 2016
Summary
IBM Security QRadar SIEM versions 7.2.x prior to 7.2.7 are susceptible to an XML External Entity (XXE) issue. This vulnerability allows remote authenticated administrators to exploit the system by reading arbitrary files through XML data that includes an external entity declaration. Attackers can leverage this flaw to access sensitive information stored on the server, leading to potential data breaches and unauthorized access to confidential files.
References
CVSS V3.1
Score:
2.7
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved