IBM Security Bulletin: IBM QRadar Incident Forensics, as found in IBM QRadar SIEM, is vulnerable to an authentication bypass leading to remote command injection. (CVE-2018-1418)

Apr 25, 2018 9:01 am EDT

Categorized: Medium Severity

Share this post:

An authentication bypass leading to remote command injection has been found in IBM QRadar Incident Forensics.

CVE(s): CVE-2018-1418

Affected product(s) and affected version(s):

IBM QRadar SIEM 7.3.0 to 7.3.1 Patch 2

IBM QRadar SIEM 7.2.0 to 7.2.8 Patch 11

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22015797
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/138824

from IBM Product Security Incident Response Team https://ift.tt/2I3qgp3