OpenSource Pivotal Spring Framework as used in IBM QRadar is susceptible to several vulnerabilities.
CVEID: CVE-2013-7315**
DESCRIPTION:** Pivotal Spring Framework could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML data. By sending a specially-crafted request, an attacker could exploit this vulnerability to read arbitrary files and obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/95219> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2013-4152**
DESCRIPTION:** Pivotal Spring Framework could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error when processing XML data. By sending a specially-crafted request, an attacker could exploit this vulnerability to read arbitrary files and obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/86589> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2014-0054**
DESCRIPTION:** Pivotal Spring Framework could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection (XXE) error in Jaxb2RootElementHttpMessageConverter when processing XML data. By sending specially-crafted XML data, an attacker could exploit this vulnerability to read arbitrary files and obtain sensitive information.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/91841> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2014-3578 DESCRIPTION: Pivotal Spring Framework could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request to view arbitrary files on the system.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93774> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVEID: CVE-2014-3625**
DESCRIPTION:** Pivotal Spring Framework could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing โdot dotโ sequences (/โฆ/) to view arbitrary files on the system.
CVSS Base Score: 5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/99872> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
ยท IBM QRadar SIEM 7.2.n
ยท IBM QRadar/QRM/QVM/QRIF 7.2.8 Patch 4
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm security qradar siem | eq | 7.2 |