7.4

CVE-2017-1622

IBM QRadar SIEM 7.2.8 and 7.3 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-force ID: 133120.

Data is provided by the National Vulnerability Database (NVD)
IbmQradar Incident Forensics Version >= 7.2.0 < 7.2.8
IbmQradar Incident Forensics Version >= 7.3.0 < 7.3.1
IbmQradar Incident Forensics Version7.2.8 Update-
IbmQradar Incident Forensics Version7.2.8 Updatep1
IbmQradar Incident Forensics Version7.2.8 Updatep10
IbmQradar Incident Forensics Version7.2.8 Updatep11
IbmQradar Incident Forensics Version7.2.8 Updatep12
IbmQradar Incident Forensics Version7.2.8 Updatep13
IbmQradar Incident Forensics Version7.2.8 Updatep3
IbmQradar Incident Forensics Version7.2.8 Updatep4
IbmQradar Incident Forensics Version7.2.8 Updatep5
IbmQradar Incident Forensics Version7.2.8 Updatep6
IbmQradar Incident Forensics Version7.2.8 Updatep7
IbmQradar Incident Forensics Version7.2.8 Updatep8
IbmQradar Incident Forensics Version7.2.8 Updatep9
IbmQradar Incident Forensics Version7.3.1 Update-
IbmQradar Incident Forensics Version7.3.1 Updatep1
IbmQradar Incident Forensics Version7.3.1 Updatep2
IbmQradar Incident Forensics Version7.3.1 Updatep3
IbmQradar Incident Forensics Version7.3.1 Updatep4
IbmQradar Incident Forensics Version7.3.1 Updatep5
IbmQradar Incident Forensics Version7.3.1 Updatep6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.08% 0.206
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.4 2.2 5.2
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov 5.8 8.6 4.9
AV:N/AC:M/Au:N/C:P/I:P/A:N
psirt@us.ibm.com 3.7 2.2 1.4
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.