History: Jun 16, 2018 - 9:50 p.m.

Security Bulletin: IBM QRadar SIEM is vulnerable to XML Entity Injection (CVE-2016-9724)

2018-06-16 21:50:45
www.ibm.com

EPSS: 0.001
Percentile: 49.7%

Summary

IBM QRadar SIEM does not disable external XML entity processing, which can lead to information disclosure and denial-of-service attacks.

Vulnerability Details

CVEID: CVE-2016-9724
DESCRIPTION: IBM QRadar is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119740> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)
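
What "disabling external XML entity processing" looks like at the parser level, as an added example that is not IBM's code or the content of the fix. It assumes Python's standard expat bindings (the bulletin does not name the affected parser), and the function names and sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class ForbiddenXML(ValueError):
    """Raised when an untrusted document carries a DTD."""


def parse_untrusted(data: bytes) -> ET.Element:
    """Parse XML from an untrusted sender, refusing any DOCTYPE.

    Entities (external or nested internal ones) can only be declared in a
    DTD, so rejecting the DOCTYPE removes both outcomes the bulletin names:
    disclosure through external entities and memory exhaustion through
    entity expansion.
    """
    builder = ET.TreeBuilder()
    parser = expat.ParserCreate()

    def forbid_doctype(name, system_id, public_id, has_internal_subset):
        raise ForbiddenXML(f"DOCTYPE not allowed (root {name!r})")

    parser.StartDoctypeDeclHandler = forbid_doctype
    parser.StartElementHandler = lambda tag, attrs: builder.start(tag, attrs)
    parser.EndElementHandler = builder.end
    parser.CharacterDataHandler = builder.data
    parser.Parse(data, True)  # a handler exception aborts parsing here
    return builder.close()


def is_rejected(data: bytes) -> bool:
    """True if the hardened parser refuses the document."""
    try:
        parse_untrusted(data)
    except ForbiddenXML:
        return True
    return False


# Constructed sample inputs (not taken from the bulletin).
BENIGN = b"<event><src>10.0.0.5</src><msg>login ok</msg></event>"
EXTERNAL_ENTITY_DOC = (b'<!DOCTYPE event [<!ENTITY ext SYSTEM '
                       b'"file:///constructed/placeholder">]>'
                       b"<event><msg>&ext;</msg></event>")
NESTED_ENTITY_DOC = (b'<!DOCTYPE event [<!ENTITY a "aaaa">'
                     b'<!ENTITY b "&a;&a;&a;&a;">]>'
                     b"<event><msg>&b;</msg></event>")

if __name__ == "__main__":
    for label, doc in [("benign", BENIGN), ("external", EXTERNAL_ENTITY_DOC),
                       ("nested", NESTED_ENTITY_DOC)]:
        print(label, "rejected" if is_rejected(doc) else "accepted")
```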

Affected Products and Versions

• IBM QRadar SIEM 7.2.n

Remediation/Fixes

• IBM QRadar/QRM/QVM/QRIF 7.2.8 Patch 4

Workarounds and Mitigations

None
