XML External Entity injection in the UI of QRadar allows someone with privileges to upload unvalidated XML.
CVE-ID: CVE-2016-2868 **
Description:IBM QRadar could allow a remote attacker with administrator privileges to obtain sensitive information, caused by an error when processing XML external entities. By sending specially-crafted XML data, an attacker could exploit this vulnerability to obtain sensitive information. **
CVSS Base Score: 2.7**
CVSS Temporal Score:** See https://exchange.xforce.ibmcloud.com/vulnerabilities/112765 for the current score**
CVSS Environmental Score:** Undefined*
CVSS Vector:** CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
None