CVE-2016-2868

2.7LOW

Key Information:

Vendor: IBM
Status: Qradar Security Information And Event Manager
Vendor: CVE Published:; 2 July 2016

Summary

IBM Security QRadar SIEM 7.2.x before 7.2.7 allows remote authenticated administrators to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21985774

x_refsource_CONFIRM

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 2, 2016
Vulnerability Reserved
Mar 9, 2016