Directory Traversal Vulnerability in IBM QRadar Incident Forensics
CVE-2018-1649
7.7HIGH
Summary
IBM QRadar Incident Forensics versions 7.2 and 7.3 are vulnerable to a directory traversal issue that could permit remote attackers to exploit the system by sending specially-crafted URL requests. By utilizing 'dot dot' sequences, an attacker might gain unauthorized access to arbitrary files on the system, potentially leading to data exposure. This vulnerability highlights the need for organizations using the product to implement appropriate security measures to prevent unauthorized access.
Affected Version(s)
QRadar Incident Forensics 7.2
QRadar Incident Forensics 7.3
References
CVSS V3.1
Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved