CVE-2016-9726

Опубликовано: 07 мар. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 9

EPSS Низкий

Описание

IBM QRadar Incident Forensics 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM Reference #: 1999542.

Ссылки

http://www.ibm.com/support/docview.wss?uid=swg21999542
Patch
Vendor Advisory
http://www.ibm.com/support/docview.wss?uid=swg21999542
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:qradar_incident_forensics:7.2.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_incident_forensics:7.2.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_incident_forensics:7.2.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_incident_forensics:7.2.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_incident_forensics:7.2.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_incident_forensics:7.2.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_incident_forensics:7.2.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_incident_forensics:7.2.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_incident_forensics:7.2.8:*:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:*:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:*:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:*:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.7:*:*:*:*:*:*:*

cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.8:*:*:*:*:*:*:*

EPSS

Процентиль: 80%

0.01453

Низкий

8.8 High

CVSS3

9 Critical

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-pc86-8x4w-cr47