It is possible to inject a payload with OS Commands in QRadar which are run as root on the host OS.
CVE(s): CVE-2016-2875
Affected product(s) and affected version(s):
· IBM QRadar 7.1.n
· IBM QRadar 7.2.n
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2az7cMQ
X-Force Database: http://ift.tt/2aAaaE9
from IBM Product Security Incident Response Team http://ift.tt/2az7e7x
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.