IBM QRadar SIEM does not disable external XML entity processing, which can lead to information disclosure and denial-of-service attacks.
CVEID: CVE-2016-9724
DESCRIPTION: IBM QRadar is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources.
CVSS Base Score: 7.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119740> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L)
• IBM QRadar SIEM 7.2.n
• IBM QRadar/QRM/QVM/QRIF 7.2.8 Patch 4
None
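
For teams that parse untrusted XML in their own integrations, the sketch below shows the class of control whose absence the description refers to: a parser wrapper that refuses DTD content before any entity is resolved or expanded. It is an added example, not IBM or QRadar code; it assumes Python's standard-library expat bindings, and the function names and sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


class UnsafeXML(ValueError):
    """The document uses a DTD feature this guard refuses."""


def parse_untrusted(data: bytes) -> ET.Element:
    """Build an element tree from untrusted XML, refusing all DTD content."""
    builder = ET.TreeBuilder()
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        if sysid or pubid:  # DTD would be fetched from outside the document
            raise UnsafeXML("external DTD subset refused")

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        # External entities are the disclosure path; internal ones the expansion path.
        kind = "external" if (sysid or pubid) else "internal"
        raise UnsafeXML(f"{kind} entity declaration refused: {name}")

    def on_doctype_end():  # strict policy: no DOCTYPE at all, even an empty one
        raise UnsafeXML("DOCTYPE refused")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.EndDoctypeDeclHandler = on_doctype_end
    parser.StartElementHandler = builder.start
    parser.EndElementHandler = builder.end
    parser.CharacterDataHandler = builder.data
    parser.Parse(data, True)
    return builder.close()


# Constructed sample inputs (not taken from the advisory).
BENIGN = b"<event><src>10.0.0.5</src></event>"
EXTERNAL = (b'<!DOCTYPE event [<!ENTITY ext SYSTEM "file:///constructed/placeholder">]>'
            b"<event>&ext;</event>")
NESTED = (b'<!DOCTYPE event [<!ENTITY a "aaaa"><!ENTITY b "&a;&a;">]>'
          b"<event>&b;</event>")


def screen(data: bytes) -> str:
    """Return 'accepted' or the refusal reason, suitable for a log line."""
    try:
        parse_untrusted(data)
        return "accepted"
    except UnsafeXML as exc:
        return str(exc)
    except expat.ExpatError as exc:
        return f"malformed: {exc}"
```

The refusal reason separates the two impacts named in the description, so a log of rejected documents shows whether senders are attempting external entity resolution or entity expansion.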