CVE-2020-5013: XML External Entity (XXE) Injection in IBM QRadar Security Information and Event Manager

Severity: 8.1 HIGH (NVD)
EPSS: 0.6% (top 31.12%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 5; latest update May 24

Description

IBM QRadar SIEM 7.3 and 7.4 may be vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 193245.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Exploitability: 2.8 | Impact: 5.2

Affected Packages: 2 packages

CVEListV5: ibm/qradar_siem 7.3, 7.4 (+1)

Vulnerability Details (3)

GHSA: GHSA-h827-x5f6-x45j: IBM QRadar SIEM 7 (2022-05-24)
OSV: systemd vulnerabilities (2021-07-20)
CVEList: CVE-2020-5013: IBM QRadar SIEM 7 (2021-05-05)