The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools.
CVEID: CVE-2013-1768
DESCRIPTION: Deserialization of a maliciously crafted OpenJPA object can result in an executable file being written to the file system. To exploit this vulnerability, an attacker must first discover an unprotected server program. The attacker must then exploit another unprotected server program to execute the file and gain access to the system. OpenJPA usage by itself does not introduce the vulnerability.
CVSS Base Score: 10
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/82268> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
QRadar / QRM / QVM / QRIF / QNI 7.3.0 to 7.3.1 Patch 4
QRadar / QRM / QVM / QRIF / QNI 7.2.0 to 7.2.8 Patch 11
QRadar / QRM / QVM / QRIF / QNI 7.3.1 Patch 5
QRadar / QRM / QVM / QRIF / QNI 7.2.8 Patch 12
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm security qradar siem | eq | 7.2 | |
ibm security qradar siem | eq | 7.3 | |