Directory Traversal Vulnerability in IBM QRadar Incident Forensics
CVE-2018-1649

7.7HIGH

Key Information:

Vendor
IBM
Status
Qradar Incident Forensics
Vendor
CVE Published:
5 October 2018

Summary

IBM QRadar Incident Forensics versions 7.2 and 7.3 are vulnerable to a directory traversal issue that could permit remote attackers to exploit the system by sending specially-crafted URL requests. By utilizing 'dot dot' sequences, an attacker might gain unauthorized access to arbitrary files on the system, potentially leading to data exposure. This vulnerability highlights the need for organizations using the product to implement appropriate security measures to prevent unauthorized access.

Affected Version(s)

QRadar Incident Forensics 7.2

QRadar Incident Forensics 7.3

References

https://www.ibm.com/support/docview.wss?uid=ibm10729703
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/144655
vdb-entryx_refsource_XF

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.