CVE-2023-47726 — Improper Validation of Specified Type of Input in IBM Cloud PAK FOR Security

CWE-1287 — Improper Validation of Specified Type of Input3 documents3 sources

Severity

8.8HIGHNVD

CNA7.1

EPSS

0.1%

top 72.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Cloud PAK FOR Security IBM Qradar Suite Software IBM Qradar Suite

Timeline

PublishedJun 18

Description

IBM QRadar Suite Software 1.10.12.0 through 1.10.21.0 and IBM Cloud Pak for Security 1.10.12.0 through 1.10.21.0 could allow an authenticated user to execute certain arbitrary commands due to improper input validation. IBM X-Force ID: 272087.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5ibm/qradar_suite_software1.10.12.0 — 1.10.21.0

▶NVDibm/qradar_suite1.10.12.0 — 1.10.21.0

▶CVEListV5ibm/cloud_pak_for_security1.10.12.0 — 1.10.21.0

▶NVDibm/cloud_pak1.10.12.0 — 1.10.21.0

🔴Vulnerability Details

CVEList

IBM QRadar Suite improper input validation↗2024-06-18

▶

GHSA

GHSA-9f2j-v7x5-9jcf: IBM QRadar Suite Software 1↗2024-06-18

▶