CVE-2016-2874 : IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 mishandles authorization, which allows remote authenticated

IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 mishandles authorization, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

Published 2016-11-30 18:59:04

Updated 2016-12-23 02:59:03

Source IBM Corporation

View at NVD, CVE.org

Vulnerability category: BypassGain privilege

Exploit prediction scoring system (EPSS) score for CVE-2016-2874

Probability of exploitation activity in the next 30 days: 0.08%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 31 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2016-2874

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
3.5	LOW	AV:N/AC:M/Au:S/C:P/I:N/A:N	6.8	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
3.1	LOW	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N	1.6	1.4	NIST
Attack Vector: Network Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: None

CWE ids for CVE-2016-2874

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-2874

http://www.securityfocus.com/bid/95003

IBM QRadar SIEM CVE-2016-2874 Information Disclosure Vulnerability
http://www-01.ibm.com/support/docview.wss?uid=swg21987771

IBM Security Bulletin: IBM QRadar SIEM is vulnerable to incorrect authorization. (CVE-2016-2874)
Patch;Vendor Advisory

Products affected by CVE-2016-2874

IBM » Qradar Security Information And Event Manager » Update MR1
Versions up to, including, (<=) 7.1.0
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:*:mr1:*:*:*:*:*:*
Matching versions
IBM » Qradar Security Information And Event Manager » Version: 7.2.0
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:*:*:*:*:*:*:*
Matching versions
IBM » Qradar Security Information And Event Manager » Version: 7.2.2
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:*:*:*:*:*:*:*
Matching versions
IBM » Qradar Security Information And Event Manager » Version: 7.2.3
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:*:*:*:*:*:*:*
Matching versions
IBM » Qradar Security Information And Event Manager » Version: 7.2.4
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:*:*:*:*:*:*:*
Matching versions
IBM » Qradar Security Information And Event Manager » Version: 7.2.1
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.1:*:*:*:*:*:*:*
Matching versions
IBM » Qradar Security Information And Event Manager » Version: 7.2.5
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:*:*:*:*:*:*:*
Matching versions
IBM » Qradar Security Information And Event Manager » Version: 7.2.6
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2016-2874

Exploit prediction scoring system (EPSS) score for CVE-2016-2874

CVSS scores for CVE-2016-2874

CWE ids for CVE-2016-2874

References for CVE-2016-2874

Products affected by CVE-2016-2874