CVE-2016-2874

Published: Nov 30, 2016Modified: May 6, 2026

3.1

Vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 1.6 / Impact: 1.4

Source: NVD

Description

IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 mishandles authorization, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

Affected (8)

Products: Ibm: Qradar Security Information And Event Manager

Ibm

1 product

Qradar Security Information And Event Manager

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Ibm Qradar Security Information And Event Manager	Up to 7.1.0
Ibm Qradar Security Information And Event Manager	Version 7.2.0
Ibm Qradar Security Information And Event Manager	Version 7.2.1
Ibm Qradar Security Information And Event Manager	Version 7.2.2
Ibm Qradar Security Information And Event Manager	Version 7.2.3
Ibm Qradar Security Information And Event Manager	Version 7.2.4
Ibm Qradar Security Information And Event Manager	Version 7.2.5
Ibm Qradar Security Information And Event Manager	Version 7.2.6

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

http://www-01.ibm.com/support/docview.wss?uid=swg21987771

Source: psirt@us.ibm.com

PatchVendor Advisory

http://www.securityfocus.com/bid/95003

Source: psirt@us.ibm.com

http://www-01.ibm.com/support/docview.wss?uid=swg21987771

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/95003

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.