The product passes unsafe user supplied data (forms, cookies, HTTP headers etc.) to a system shell. This allows attackers to execute arbitrary commands on the system.
CVE(s): CVE-2017-1696
Affected product(s) and affected version(s):
· IBM QRadar 7.3 – 7.3.0 Patch 5
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2D4xyFR
X-Force Database: http://ift.tt/2oLNud3
The post IBM Security Bulletin:IBM QRadar SIEM is vulnerable to command injection. (CVE-2017-1696) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team http://ift.tt/2D4ToJE
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.