Multiple vulnerabilities in IBM QRadar SIEM
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 14 |
| CVE-ID | CVE-2024-53197 CVE-2024-11218 CVE-2025-24813 CVE-2025-21785 CVE-2023-52922 CVE-2024-57979 CVE-2024-57807 CVE-2024-50302 CVE-2025-0624 CVE-2025-27516 CVE-2017-9047 CVE-2025-24928 CVE-2024-56171 CVE-2025-27363 |
| CWE-ID | CWE-787 CWE-264 CWE-20 CWE-125 CWE-416 CWE-667 CWE-401 CWE-119 CWE-121 |
| Exploitation vector | Network |
| Public exploit |
Vulnerability #1 is being exploited in the wild. Vulnerability #3 is being exploited in the wild. Vulnerability #8 is being exploited in the wild. Public exploit code for vulnerability #11 is available. Vulnerability #14 is being exploited in the wild. |
| Vulnerable software |
IBM Qradar SIEM Client/Desktop applications / Other client software |
| Vendor | IBM Corporation |
Security Bulletin
This security bulletin contains information about 14 vulnerabilities.
1) Out-of-bounds write
EUVDB-ID: #VU102090
Risk: High
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2024-53197
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise the affected system.
The vulnerability exists due to an out-of-bounds write error within the snd_usb_create_quirk(), snd_usb_extigy_boot_quirk(), mbox2_setup_48_24_magic() and snd_usb_mbox2_boot_quirk() functions in sound/usb/quirks.c. A local user can trigger an out-of-bounds write and execute arbitrary code on the system.
Note, the vulnerability is being actively exploited against Android devices.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 11 IF03
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_1:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_2:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_3:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Package_3_Interim_Fix_02:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_3_Interim_Fix_3:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_4:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5_IF01:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5_IF02:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7231915
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
2) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU103500
Risk: Medium
CVSSv4.0: 2.4 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-11218
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions during the build process. A remote user can leverage usage of a --mount flag in RUN instructions in Containerfiles along with multi-stage builds with use of concurrently-executing build stages or multiple separate but concurrently-executing builds to expose content from the build host and perform read/write operations on the system with privileges of the podman system service.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 11 IF03
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_1:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_2:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_3:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Package_3_Interim_Fix_02:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_3_Interim_Fix_3:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_4:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5_IF01:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5_IF02:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_6:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7231915
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Input validation error
EUVDB-ID: #VU105485
Risk: Critical
CVSSv4.0: 9.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]
CVE-ID: CVE-2025-24813
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input when handling file uploads via HTTP PUT requests. A remote attacker can send a specially crafted HTTP PUT request to the server and gain access to sensitive information or even execute arbitrary code.
If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:
- writes enabled for the default servlet (disabled by default)
- support for partial PUT (enabled by default)
- a target URL for security sensitive uploads that is a sub-directory of a target URL for public uploads
- attacker knowledge of the names of security sensitive files being uploaded
- the security sensitive files also being uploaded via partial PUT
If all of the following were true, a malicious user was able to perform remote code execution:
- writes enabled for the default servlet (disabled by default)
- support for partial PUT (enabled by default)
- application was using Tomcat's file based session persistence with the default storage location
- application included a library that may be leveraged in a deserialization attack
Install update from vendor's website.
Vulnerable software versionsIBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 11 IF03
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_1:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_2:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_3:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Package_3_Interim_Fix_02:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_3_Interim_Fix_3:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_4:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5_IF01:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5_IF02:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_6:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7231915
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
4) Out-of-bounds read
EUVDB-ID: #VU104982
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-21785
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the populate_cache_leaves() function in arch/arm64/kernel/cacheinfo.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 11 IF03
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_1:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_2:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_3:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Package_3_Interim_Fix_02:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_3_Interim_Fix_3:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_4:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5_IF01:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5_IF02:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_6:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF01:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7231915
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use-after-free
EUVDB-ID: #VU101033
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52922
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the bcm_release() function in net/can/bcm.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 11 IF03
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_1:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_2:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_3:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Package_3_Interim_Fix_02:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_3_Interim_Fix_3:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_4:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5_IF01:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5_IF02:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_6:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF01:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF02:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7231915
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use-after-free
EUVDB-ID: #VU104972
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57979
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ptp_ocp_complete() function in drivers/ptp/ptp_ocp.c, within the DEFINE_MUTEX(), pps_cdev_pps_fetch(), pps_cdev_ioctl(), pps_cdev_compat_ioctl(), pps_device_destruct(), pps_register_cdev(), pps_unregister_cdev(), EXPORT_SYMBOL() and pps_init() functions in drivers/pps/pps.c, within the pps_kc_bind() and pps_kc_remove() functions in drivers/pps/kc.c, within the pps_add_offset(), pps_register_source() and pps_event() functions in drivers/pps/kapi.c, within the parport_irq() function in drivers/pps/clients/pps_parport.c, within the pps_tty_dcd_change(), pps_tty_open() and pps_tty_close() functions in drivers/pps/clients/pps-ldisc.c, within the pps_ktimer_exit() and pps_ktimer_init() functions in drivers/pps/clients/pps-ktimer.c, within the pps_gpio_probe() function in drivers/pps/clients/pps-gpio.c. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 11 IF03
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_1:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_2:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_3:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Package_3_Interim_Fix_02:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_3_Interim_Fix_3:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_4:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5_IF01:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5_IF02:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_6:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF01:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF02:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF03:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7231915
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper locking
EUVDB-ID: #VU102938
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-57807
CWE-ID:
CWE-667 - Improper Locking
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper locking within the megasas_aen_polling() function in drivers/scsi/megaraid/megaraid_sas_base.c. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 11 IF03
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_1:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_2:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_3:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Package_3_Interim_Fix_02:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_3_Interim_Fix_3:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_4:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5_IF01:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5_IF02:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_6:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF01:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF02:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF03:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF04:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7231915
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Memory leak
EUVDB-ID: #VU100611
Risk: Medium
CVSSv4.0: 6.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:A/U:Green]
CVE-ID: CVE-2024-50302
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the hid_alloc_report_buf() function in drivers/hid/hid-core.c. A local user can perform a denial of service (DoS) attack.
Note, the vulnerability is being actively exploited in the wild against Android devices.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 11 IF03
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_1:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_2:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_3:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Package_3_Interim_Fix_02:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_3_Interim_Fix_3:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_4:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5_IF01:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5_IF02:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_6:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF01:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF02:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF03:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF04:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF05:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7231915
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
9) Out-of-bounds write
EUVDB-ID: #VU104080
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-0624
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the grub_net_search_config_file() function. A local user can trigger an out-of-bounds write and execute arbitrary code on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 11 IF03
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_1:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_2:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_3:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Package_3_Interim_Fix_02:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_3_Interim_Fix_3:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_4:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5_IF01:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5_IF02:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_6:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF01:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF02:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF03:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF04:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF05:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF06:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7231915
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Input validation error
EUVDB-ID: #VU105387
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2025-27516
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to compromise the target system.
The vulnerability exists due to sandbox breakout through attr filter selecting format method. A local user can execute arbitrary code on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 11 IF03
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_1:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_2:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_3:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Package_3_Interim_Fix_02:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_3_Interim_Fix_3:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_4:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5_IF01:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5_IF02:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_6:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF01:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF02:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF03:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF04:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF05:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF06:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_8:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7231915
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Memory corruption
EUVDB-ID: #VU9687
Risk: Low
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2017-9047
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in the xmlSnprintfElementContent function of XMLSoft libxml2 due to improper memory handling by the valid.c source code. A remote attacker can send a specially crafted XML file, trigger memory corruption and cause the service to crash.
Successful exploitation of the vulnerability results in denial of service.
Install update from vendor's website.
Vulnerable software versionsIBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 11 IF03
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_1:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_2:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_3:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Package_3_Interim_Fix_02:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_3_Interim_Fix_3:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_4:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5_IF01:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5_IF02:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_6:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF01:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF02:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF03:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF04:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF05:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF06:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_8:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_8_IF01:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7231915
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
12) Stack-based buffer overflow
EUVDB-ID: #VU104098
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2025-24928
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the xmlSnprintfElements() function in valid.c. A remote attacker can pass specially crafted XML data to the application, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 11 IF03
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_1:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_2:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_3:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Package_3_Interim_Fix_02:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_3_Interim_Fix_3:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_4:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5_IF01:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5_IF02:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_6:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF01:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF02:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF03:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF04:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF05:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF06:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_8:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_8_IF01:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_8_IF02:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7231915
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Use-after-free
EUVDB-ID: #VU104099
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-56171
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the xmlSchemaIDCFillNodeTables() and xmlSchemaBubbleIDCNodeTables() functions in xmlschemas.c. A remote attacker can pass specially crafted XML document to the application, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 11 IF03
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_1:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_2:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_3:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Package_3_Interim_Fix_02:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_3_Interim_Fix_3:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_4:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5_IF01:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5_IF02:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_6:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF01:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF02:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF03:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF04:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF05:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF06:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_8:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_8_IF01:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_8_IF02:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_8_IF03:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7231915
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Out-of-bounds write
EUVDB-ID: #VU105715
Risk: Critical
CVSSv4.0: 8.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]
CVE-ID: CVE-2025-27363
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can pass a specially crafted font to the application that is using an affected version of the library, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsIBM Qradar SIEM: 7.5.0 - 7.5.0 Update Pack 11 IF03
CPE2.3- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_1:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_2:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_3:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Package_3_Interim_Fix_02:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_3_Interim_Fix_3:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_4:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5_IF01:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_5_IF02:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_6:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF01:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF02:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF03:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF04:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF05:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_7_IF06:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_8:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_8_IF01:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_8_IF02:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_8_IF03:*:*:*:*:*:*
- cpe:2.3:a:ibm_corporation:ibm_qradar_siem:7.5.0:Update_Pack_9:*:*:*:*:*:*
https://www.ibm.com/support/pages/node/7231915
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
