Main
Vulnerability Database
Exploits
ID:1832 - Exploit for Command injection in IBM Qradar SIEM - CVE-2018-1418
ID:1832 - Exploit for Command injection in IBM Qradar SIEM - CVE-2018-1418
Published: March 18, 2020
Vulnerability identifier: #VU13045
Vulnerability risk: Low
CVE-ID: CVE-2018-1418
CWE-ID: CWE-77
Exploitation vector: Remote access
Vulnerable software:
IBM Qradar SIEM
IBM Qradar SIEM
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to bypass authentication, gain elevated privileges and execute arbitrary commands on the target system.
The weakness exists due to a built-in application to perform forensic analysis on certain files is disabled in the free Community Edition, but the code is still there. A remote attacker can abuse both components of the forensics application (servlet running in Java, and the main web application running PHP), bypass authentication, write a file to disk, and execute arbitrary commands with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
The weakness exists due to a built-in application to perform forensic analysis on certain files is disabled in the free Community Edition, but the code is still there. A remote attacker can abuse both components of the forensics application (servlet running in Java, and the main web application running PHP), bypass authentication, write a file to disk, and execute arbitrary commands with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Install update from vendor's website.
http://www.ibm.com/support/docview.wss?uid=swg22015797
http://www.ibm.com/support/docview.wss?uid=swg22015797