CVE-2025-33121

Medienbericht

EPSS 0.34%
Veröffentlicht 19.06.2025 17:14:42
Zuletzt bearbeitet 25.07.2025 17:42:30
Quelle psirt@us.ibm.com
Teams Watchlist Login
Unerledigt Login

IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12  is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibm ≫ Qradar Security Information And Event Manager Version7.5.0 Update-

Linux ≫ Linux Kernel Version-

Ibm ≫ Qradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_1

Linux ≫ Linux Kernel Version-

Ibm ≫ Qradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_10

Linux ≫ Linux Kernel Version-

Ibm ≫ Qradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_11

Linux ≫ Linux Kernel Version-

Ibm ≫ Qradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_12

Linux ≫ Linux Kernel Version-

Ibm ≫ Qradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_2

Linux ≫ Linux Kernel Version-

Ibm ≫ Qradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_3

Linux ≫ Linux Kernel Version-

Ibm ≫ Qradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_4

Linux ≫ Linux Kernel Version-

Ibm ≫ Qradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_5

Linux ≫ Linux Kernel Version-

Ibm ≫ Qradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_6

Linux ≫ Linux Kernel Version-

Ibm ≫ Qradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_7

Linux ≫ Linux Kernel Version-

Ibm ≫ Qradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_8

Linux ≫ Linux Kernel Version-

Ibm ≫ Qradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_9

Linux ≫ Linux Kernel Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.34%	0.564

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@us.ibm.com	7.1	2.8	4.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

CWE-611 Improper Restriction of XML External Entity Reference

The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.

https://www.heise.de/news/IBM-QRadar-SIEM-Autoupdate-Dateien-mit-Schadcode-verseuchbar-10455394.html

Medienbericht

heise Security

https://www.ibm.com/support/pages/node/7237317

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-33121

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-33121

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-33121

EUVD