IBM QRadar Suite Software Vulnerability Could Allow Arbitrary Commands Execution
CVE-2023-47726

7.1HIGH

Key Information:

Vendor: IBM
Status: Qradar Suite Software; Cloud Pak For Security
Vendor: CVE Published:; 18 June 2024

Summary

The IBM QRadar Suite Software and IBM Cloud Pak for Security are susceptible to a vulnerability that allows authenticated users to execute arbitrary commands. This issue stems from an improper input validation mechanism within the software. When exploited, it can lead to unauthorized command execution, potentially compromising system integrity. Organizations using affected versions of these IBM products should review the advisory and implement necessary updates to mitigate this vulnerability.

Affected Version(s)

Cloud Pak for Security 1.10.12.0 <= 1.10.21.0

QRadar Suite Software 1.10.12.0 <= 1.10.21.0

References

https://https://www.ibm.com/support/pages/node/7157750

vendor-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/272087

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 18, 2024
Vulnerability Reserved
Nov 9, 2023