← Back

CVE-2017-1723

nvd nist
Published: Apr 26, 2018Modified: Nov 21, 2024

JSON object

Loading...
6.5
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

IBM Security QRadar SIEM 7.2 and 7.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 134812.

Affected (51)

Ibm
3 products
Qradar Security Information And Event Manager
Qradar Incident Forensics
Qradar Network Insights
Configuration A
17 vulnerable
Vulnerable SoftwareAffected Versions
Ibm
Qradar Security Information And Event Manager
From 7.2.0 to 7.2.8
Qradar Security Information And Event Manager
Version 7.2.8
Qradar Security Information And Event Manager
Version 7.2.8 p10
Qradar Security Information And Event Manager
Version 7.2.8 p11
Qradar Security Information And Event Manager
Version 7.2.8 p1
Qradar Security Information And Event Manager
Version 7.2.8 p2
Qradar Security Information And Event Manager
Version 7.2.8 p3
Qradar Security Information And Event Manager
Version 7.2.8 p4
Qradar Security Information And Event Manager
Version 7.2.8 p5
Qradar Security Information And Event Manager
Version 7.2.8 p6
Qradar Security Information And Event Manager
Version 7.2.8 p7
Qradar Security Information And Event Manager
Version 7.2.8 p8
Qradar Security Information And Event Manager
Version 7.2.8 p9
Qradar Security Information And Event Manager
Version 7.3.0
Qradar Security Information And Event Manager
Version 7.3.1
Qradar Security Information And Event Manager
Version 7.3.1 p1
Qradar Security Information And Event Manager
Version 7.3.1 p2
Configuration B
17 vulnerable
Vulnerable SoftwareAffected Versions
Ibm
Qradar Incident Forensics
From 7.2.0 to 7.2.8
Qradar Incident Forensics
Version 7.2.8
Qradar Incident Forensics
Version 7.2.8 p10
Qradar Incident Forensics
Version 7.2.8 p11
Qradar Incident Forensics
Version 7.2.8 p1
Qradar Incident Forensics
Version 7.2.8 p2
Qradar Incident Forensics
Version 7.2.8 p3
Qradar Incident Forensics
Version 7.2.8 p4
Qradar Incident Forensics
Version 7.2.8 p5
Qradar Incident Forensics
Version 7.2.8 p6
Qradar Incident Forensics
Version 7.2.8 p7
Qradar Incident Forensics
Version 7.2.8 p8
Qradar Incident Forensics
Version 7.2.8 p9
Qradar Incident Forensics
Version 7.3.0
Qradar Incident Forensics
Version 7.3.1
Qradar Incident Forensics
Version 7.3.1 p1
Qradar Incident Forensics
Version 7.3.1 p2
Configuration C
17 vulnerable
Vulnerable SoftwareAffected Versions
Ibm
Qradar Network Insights
From 7.2.0 to 7.2.8
Qradar Network Insights
Version 7.2.8
Qradar Network Insights
Version 7.2.8 p10
Qradar Network Insights
Version 7.2.8 p11
Qradar Network Insights
Version 7.2.8 p1
Qradar Network Insights
Version 7.2.8 p2
Qradar Network Insights
Version 7.2.8 p3
Qradar Network Insights
Version 7.2.8 p4
Qradar Network Insights
Version 7.2.8 p5
Qradar Network Insights
Version 7.2.8 p6
Qradar Network Insights
Version 7.2.8 p7
Qradar Network Insights
Version 7.2.8 p8
Qradar Network Insights
Version 7.2.8 p9
Qradar Network Insights
Version 7.3.0
Qradar Network Insights
Version 7.3.1
Qradar Network Insights
Version 7.3.1 p1
Qradar Network Insights
Version 7.3.1 p2

Related CWEs

CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (4)

Source: psirt@us.ibm.com
PatchVendor Advisory
Source: psirt@us.ibm.com
VDB EntryVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
VDB EntryVendor Advisory

Timeline

No history available yet.