CVE-2016-2881

IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 and QRadar Incident Forensics 7.2 before 7.2.7 allow remote attackers to bypass intended access restrictions via modified request parameters.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
ibmCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
VendorProductVersion
ibmqradar_security_information_and_event_manager
𝑥
≤ 7.1.0
ibmqradar_security_information_and_event_manager
7.2.0
ibmqradar_security_information_and_event_manager
7.2.1
ibmqradar_security_information_and_event_manager
7.2.2
ibmqradar_security_information_and_event_manager
7.2.3
ibmqradar_security_information_and_event_manager
7.2.4
ibmqradar_security_information_and_event_manager
7.2.5
ibmqradar_security_information_and_event_manager
7.2.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www-01.ibm.com/support/docview.wss?uid=swg21987777
http://www-01.ibm.com/support/docview.wss?uid=swg21987777