XML External Entity Vulnerability in IBM Security QRadar SIEM
CVE-2016-2868

2.7LOW

Key Information:

Vendor
IBM
Vendor
CVE Published:
2 July 2016

Summary

IBM Security QRadar SIEM versions 7.2.x prior to 7.2.7 are susceptible to an XML External Entity (XXE) issue. This vulnerability allows remote authenticated administrators to exploit the system by reading arbitrary files through XML data that includes an external entity declaration. Attackers can leverage this flaw to access sensitive information stored on the server, leading to potential data breaches and unauthorized access to confidential files.

References

CVSS V3.1

Score:
2.7
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.