CVE-2024-56462
EUVD-2024-5560127.05.2026, 14:16
IBM QRadar 7.5.0 through 7.5.0 UP15 Interim Fix 002 could allow a privileged user to upload a malicious backup archive that could be restored and used to gain access to the underlying operating system.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| ibm | qradar_security_information_and_event_manager | 7.5.0 |
| ibm | qradar_security_information_and_event_manager | 7.5.0:update_pack_1 |
| ibm | qradar_security_information_and_event_manager | 7.5.0:update_pack_10 |
| ibm | qradar_security_information_and_event_manager | 7.5.0:update_pack_11 |
| ibm | qradar_security_information_and_event_manager | 7.5.0:update_pack_12 |
| ibm | qradar_security_information_and_event_manager | 7.5.0:update_pack_13 |
| ibm | qradar_security_information_and_event_manager | 7.5.0:update_pack_13_interim_fix_01 |
| ibm | qradar_security_information_and_event_manager | 7.5.0:update_pack_13_interim_fix_02 |
| ibm | qradar_security_information_and_event_manager | 7.5.0:update_pack_14 |
| ibm | qradar_security_information_and_event_manager | 7.5.0:update_pack_14_interim_fix_01 |
| ibm | qradar_security_information_and_event_manager | 7.5.0:update_pack_14_interim_fix_02 |
| ibm | qradar_security_information_and_event_manager | 7.5.0:update_pack_15 |
| ibm | qradar_security_information_and_event_manager | 7.5.0:update_pack_15_interim_fix_01 |
| ibm | qradar_security_information_and_event_manager | 7.5.0:update_pack_15_interim_fix_02 |
| ibm | qradar_security_information_and_event_manager | 7.5.0:update_pack_2 |
| ibm | qradar_security_information_and_event_manager | 7.5.0:update_pack_3 |
| ibm | qradar_security_information_and_event_manager | 7.5.0:update_pack_4 |
| ibm | qradar_security_information_and_event_manager | 7.5.0:update_pack_5 |
| ibm | qradar_security_information_and_event_manager | 7.5.0:update_pack_6 |
| ibm | qradar_security_information_and_event_manager | 7.5.0:update_pack_7 |
| ibm | qradar_security_information_and_event_manager | 7.5.0:update_pack_8 |
| ibm | qradar_security_information_and_event_manager | 7.5.0:update_pack_9 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-530 - Exposure of Backup File to an Unauthorized Control SphereA backup file is stored in a directory or archive that is made accessible to unauthorized actors.
- CWE-552 - Files or Directories Accessible to External PartiesThe product makes files or directories accessible to unauthorized actors, even though they should not be.