Oct 04, 2018 - 2:05 a.m.

Security Bulletin: IBM QRadar Incident Forensics is vulnerable to Denial of service (CVE-2018-1647)

2018-10-04 02:05:01
www.ibm.com

EPSS: 0.001

Percentile: 34.0%

Summary

The software does not properly restrict the size or amount of resources that are requested or influenced by an actor. This weakness can be used to consume more resources than intended.

Vulnerability Details

**CVEID:** CVE-2018-1647
**Description:** IBM QRadar Incident Forensics does not properly restrict the size or amount of resources requested which could allow an unauthenticated user to cause a denial of service.
**CVSS Base Score:** 7.50
**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/144650> for the current score
**CVSS Environmental Score:** Undefined
**CVSS Vector:** CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products and Versions

IBM QRadar Incident Forensics 7.3.0 to 7.3.1 Patch 4

IBM QRadar Incident Forensics 7.2.0 to 7.2.8 Patch 13

Remediation/Fixes

QRadar / QRM / QVM / QRIF / QNI 7.3.1 Patch 5

QRadar / QRM / QVM / QRIF / QNI 7.2.8 Patch 13 Interim Fix 1

Workarounds and Mitigations

None
