CVE-2016-2872

CWE-22 — Path Traversal3 documents3 sources

Severity

5.3MEDIUM

EPSS

0.1%

top 71.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Qradar Security Information AND Event Manager IBM Security Qradar Incident Forensics

Timeline

PublishedJul 2

Latest updateMay 17

Description

Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.7 and QRadar Incident Forensics 7.2.x before 7.2.7 allows remote attackers to read arbitrary files via a crafted URL.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDibm/security_qradar_incident_forensics7 versions+6

▶NVDibm/qradar_security_information_and_event_manager7 versions+6

🔴Vulnerability Details

GHSA

GHSA-f33p-q69g-29c6: Directory traversal vulnerability in IBM Security QRadar SIEM 7↗2022-05-17

▶

CVEList

CVE-2016-2872: Directory traversal vulnerability in IBM Security QRadar SIEM 7↗2016-07-02

▶