The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools.
CVEID: CVE-2016-5007**
DESCRIPTION:** Pivotal Spring Security and Spring Framework could provide weaker than expected security, caused by the difference in the strictness of the pattern matching mechanisms. An attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base Score: 7.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/126679> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVEID: CVE-2016-9878**
DESCRIPTION:** Pivotal Spring Framework could allow a remote attacker to traverse directories on the system , caused by improper validation of user-supplied paths. An attacker could send a specially-crafted request to the ResourceServlet containing “dot dot” sequences (/…/) to view arbitrary files on the system.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/120241> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
IBM QRadar 7.3.0 to 7.3.1 Patch 2
IBM QRadar 7.2.0 to 7.2.8 Patch 11
QRadar / QRM / QVM / QRIF / QNI 7.3.1 Patch 3
QRadar / QRM / QVM / QRIF / QNI 7.2.8 Patch 12
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm security qradar siem | eq | 7.3 | |
ibm security qradar siem | eq | 7.2 |