CVE-2016-2873 : SQL injection vulnerability in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 b

SQL injection vulnerability in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Published 2016-11-30 18:59:02

Updated 2025-04-12 10:46:41

Source IBM Corporation

View at NVD, CVE.org

Vulnerability category: Sql Injection

Products affected by CVE-2016-2873

IBM » Qradar Security Information And Event Manager » Update MR1
Versions up to, including, (<=) 7.1.0
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:*:mr1:*:*:*:*:*:*
Matching versions
IBM » Qradar Security Information And Event Manager » Version: 7.2.0
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:*:*:*:*:*:*:*
Matching versions
IBM » Qradar Security Information And Event Manager » Version: 7.2.2
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:*:*:*:*:*:*:*
Matching versions
IBM » Qradar Security Information And Event Manager » Version: 7.2.3
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:*:*:*:*:*:*:*
Matching versions
IBM » Qradar Security Information And Event Manager » Version: 7.2.4
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:*:*:*:*:*:*:*
Matching versions
IBM » Qradar Security Information And Event Manager » Version: 7.2.1
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.1:*:*:*:*:*:*:*
Matching versions
IBM » Qradar Security Information And Event Manager » Version: 7.2.5
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:*:*:*:*:*:*:*
Matching versions
IBM » Qradar Security Information And Event Manager » Version: 7.2.6
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2016-2873

EPSS FAQ

0.57%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 66 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2016-2873

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P	8.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
8.8	HIGH	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2016-2873

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2016-2873

http://www-01.ibm.com/support/docview.wss?uid=swg21987770

IBM Security Bulletin: IBM QRadar SIEM is vulnerable to SQL Injection. (CVE-2016-2873)
Patch;Vendor Advisory
http://www.securityfocus.com/bid/95000

IBM QRadar Security Information and Event Manager CVE-2016-2873 SQL Injection Vulnerability

Jump to

Vulnerability Details : CVE-2016-2873

Products affected by CVE-2016-2873

Exploit prediction scoring system (EPSS) score for CVE-2016-2873

CVSS scores for CVE-2016-2873

CWE ids for CVE-2016-2873

References for CVE-2016-2873