Directory Traversal Vulnerability in IBM QRadar Incident Forensics
CVE-2018-1649

7.7HIGH

Key Information:

Vendor
IBM
Vendor
CVE Published:
5 October 2018

Summary

IBM QRadar Incident Forensics versions 7.2 and 7.3 are vulnerable to a directory traversal issue that could permit remote attackers to exploit the system by sending specially-crafted URL requests. By utilizing 'dot dot' sequences, an attacker might gain unauthorized access to arbitrary files on the system, potentially leading to data exposure. This vulnerability highlights the need for organizations using the product to implement appropriate security measures to prevent unauthorized access.

Affected Version(s)

QRadar Incident Forensics 7.2

QRadar Incident Forensics 7.3

References

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.