CVE-2016-2876

7.5HIGH

Key Information:

Vendor: IBM
Status: Qradar Security Information And Event Manager
Vendor: CVE Published:; 30 November 2016

Summary

IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 executes unspecified processes at an incorrect privilege level, which makes it easier for remote authenticated users to obtain root access by leveraging a command-injection issue.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21987774

x_refsource_CONFIRM

http://www.securityfocus.com/bid/95001

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 30, 2016
Vulnerability Reserved
Mar 9, 2016