CVE-2025-36007

Medienbericht

EPSS 0.02%
Veröffentlicht 27.10.2025 18:40:16
Zuletzt bearbeitet 03.11.2025 19:12:52
Quelle psirt@us.ibm.com
CVE-Watchlists
Login
Unerledigt
Login

IBM QRadar SIEM 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 is vulnerable to privilege escalation due to improper privilege assignment to an update script.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ibm ≫ Qradar Security Information And Event Manager Version7.5.0 Update-

Ibm ≫ Qradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_1

Ibm ≫ Qradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_10

Ibm ≫ Qradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_11

Ibm ≫ Qradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_12

Ibm ≫ Qradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_13

Ibm ≫ Qradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_13_independent_fix_01

Ibm ≫ Qradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_13_independent_fix_02

Ibm ≫ Qradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_2

Ibm ≫ Qradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_3

Ibm ≫ Qradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_4

Ibm ≫ Qradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_5

Ibm ≫ Qradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_6

Ibm ≫ Qradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_7

Ibm ≫ Qradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_8

Ibm ≫ Qradar Security Information And Event Manager Version7.5.0 Updateupdate_pack_9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.024

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
psirt@us.ibm.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-266 Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

https://www.heise.de/news/Luecken-gefaehrden-Systeme-mit-IBMs-Sicherheitsloesungen-Concert-und-QRadar-SIEM-10962406.html

Medienbericht

heise Security

https://www.ibm.com/support/pages/node/7249277

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-36007

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-36007

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-36007

EUVD