CVE-2017-1723

CWE-22 — Path Traversal3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.4%

top 38.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Qradar Incident Forensics IBM Qradar Network Insights IBM Qradar Security Information AND Event Manager +1 more

Timeline

PublishedApr 26

Latest updateMay 14

Description

IBM Security QRadar SIEM 7.2 and 7.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 134812.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5ibm/security_qradar_siem7.2, 7.3+1

▶NVDibm/qradar_security_information_and_event_manager7.2.0 — 7.2.8+3

▶NVDibm/qradar_network_insights7.2.0 — 7.2.8+3

▶NVDibm/qradar_incident_forensics7.2.0 — 7.2.8+3

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-3qhq-6954-865h: IBM Security QRadar SIEM 7↗2022-05-14

▶

CVEList

CVE-2017-1723: IBM Security QRadar SIEM 7↗2018-04-26

▶