8.8

CVE-2024-56462

IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

IBM QRadar 7.5.0 through 7.5.0 UP15 Interim Fix 002 could allow a privileged user to upload a malicious backup archive that could be restored and used to gain access to the underlying operating system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IbmQradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_1
IbmQradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_10
IbmQradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_11
IbmQradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_12
IbmQradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_13
IbmQradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_13_interim_fix_01
IbmQradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_13_interim_fix_02
IbmQradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_14
IbmQradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_14_interim_fix_01
IbmQradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_14_interim_fix_02
IbmQradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_15
IbmQradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_15_interim_fix_01
IbmQradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_15_interim_fix_02
IbmQradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_2
IbmQradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_3
IbmQradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_4
IbmQradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_5
IbmQradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_6
IbmQradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_7
IbmQradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_8
IbmQradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_9
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.46% 0.365
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
psirt@us.ibm.com 7.2 1.2 5.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-530 Exposure of Backup File to an Unauthorized Control Sphere

A backup file is stored in a directory or archive that is made accessible to unauthorized actors.

CWE-552 Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

https://www.ibm.com/support/pages/node/7273957
Vendor Advisory