Security Bulletin: IBM QRadar SIEM contains hard-coded credentials (CVE-2016-2880)

Summary

An IBM QRadar SIEM user with shell access could obtain the encryption key used to encrypt certain passwords.

Vulnerability Details

CVEID: CVE-2016-2880**
DESCRIPTION:** IBM QRadar stores the encryption key used to encrypt the service account password which can be obtained by a local user.
CVSS Base Score: 6.2
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/112859&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

• IBM QRadar SIEM 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7

Remediation/Fixes

· IBM QRadar/QRM/QVM 7.2.8
· For IBM QRadar 7.1 IBM recommends upgrading to a fixed, supported version/release/platform of the product.

Workarounds and Mitigations

None