CVE-2016-2868

EUVD-2016-3941
IBM Security QRadar SIEM 7.2.x before 7.2.7 allows remote authenticated administrators to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.7 LOW
NETWORK
LOW
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 38%
Affected Products (NVD)
VendorProductVersion
ibmqradar_security_information_and_event_manager
𝑥
≤ 7.2.6
𝑥
= Vulnerable software versions
References
http://www-01.ibm.com/support/docview.wss?uid=swg21985774
http://www-01.ibm.com/support/docview.wss?uid=swg21985774