IBM » Qradar Security Information And Event Manager : Security Vulnerabilities, CVEs, (Directory traversal)
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted request specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-ForceID: 175898.
Max CVSS
8.8
EPSS Score
4.46%
Published
2020-04-15
Updated
2022-04-18
IBM Security QRadar SIEM 7.2 and 7.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 134812.
Max CVSS
6.5
EPSS Score
0.11%
Published
2018-04-26
Updated
2018-05-25
IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 189302.
Max CVSS
6.5
EPSS Score
0.15%
Published
2021-01-27
Updated
2021-02-02
Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.7 and QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to read arbitrary files via a crafted URL.
Max CVSS
5.3
EPSS Score
0.18%
Published
2016-07-02
Updated
2016-07-05
Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.5 Patch 6 allows remote authenticated users to read arbitrary files via a crafted URL.
Max CVSS
5.0
EPSS Score
0.07%
Published
2016-01-03
Updated
2016-01-07
IBM QRadar SIEM 7.3 and 7.4 when decompressing or verifying signature of zip files processes data in a way that may be vulnerable to path traversal attacks. IBM X-Force ID: 192905.
Max CVSS
4.9
EPSS Score
0.05%
Published
2021-05-05
Updated
2021-05-07
6 vulnerabilities found