Weak Permissions in IBM QRadar SIEM Affects Data Integrity
CVE-2016-2877

3.3LOW

Key Information:

Vendor
IBM
Status
Qradar Security Information And Event Manager
Vendor
CVE Published:
30 November 2016

Summary

IBM QRadar SIEM versions 7.1 prior to MR2 Patch 13 and 7.2 prior to 7.2.7 exhibit improper permissions on certain directories under the web root. This security flaw enables local users to gain unauthorized access, allowing them to modify critical data by writing to files. Organizations relying on QRadar should assess the impact of this vulnerability to protect against potential data integrity issues.

References

http://www.securityfocus.com/bid/95002
vdb-entryx_refsource_BID
http://www-01.ibm.com/support/docview.wss?uid=swg21987773
x_refsource_CONFIRM

CVSS V3.1

Score:
3.3
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.