CVE-2017-1723: IBM Security QRadar SIEM 7.2 and 7.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL…

medium6.5CVSS 3.0

AVNACLPRLUINSUCHINAN

IBM Security QRadar SIEM 7.2 and 7.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 134812.

Affected

14 ranges

Vendor	Product	Version range	Fixed in
ibm	qradar_incident_forensics	—	—
ibm	qradar_incident_forensics	—	—
ibm	qradar_incident_forensics	—	—
ibm	qradar_incident_forensics	>= 7.2.0 < 7.2.8	7.2.8
ibm	qradar_network_insights	—	—
ibm	qradar_network_insights	—	—
ibm	qradar_network_insights	—	—
ibm	qradar_network_insights	>= 7.2.0 < 7.2.8	7.2.8
ibm	qradar_security_information_and_event_manager	—	—
ibm	qradar_security_information_and_event_manager	—	—
ibm	qradar_security_information_and_event_manager	—	—
ibm	qradar_security_information_and_event_manager	>= 7.2.0 < 7.2.8	7.2.8
ibm	security_qradar_siem	—	—
ibm	security_qradar_siem	—	—