SymmetricalDataSecurity: IBM Security Bulletin: IBM QRadar Incident Forensics, as found in IBM QRadar SIEM, is vulnerable to remote code execution. (CVE-2017-1721)

Wednesday, April 25, 2018

IBM Security Bulletin: IBM QRadar Incident Forensics, as found in IBM QRadar SIEM, is vulnerable to remote code execution. (CVE-2017-1721)

Apr 25, 2018 9:00 am EDT

Share this post:

IBM QRadar Incident Forensics uses insecure functions such as eval that execute code from a string and as such is vulnerable to remote code execution attacks.

CVE(s): CVE-2017-1721

Affected product(s) and affected version(s):

IBM QRadar SIEM 7.3.0 to 7.3.0 Patch 7

IBM QRadar SIEM 7.2.8 to 7.2.8 Patch 11

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22015799
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/134810

from IBM Product Security Incident Response Team https://ift.tt/2HY96Jc

SymmetricalDataSecurity

Wednesday, April 25, 2018

IBM Security Bulletin: IBM QRadar Incident Forensics, as found in IBM QRadar SIEM, is vulnerable to remote code execution. (CVE-2017-1721)

No comments:

Post a Comment

Blog Archive

Search This Blog

Total Pageviews