IBM QRadar Suite Software 1.10.12-1.10.21 Auth Cmd Exec via Inp Val
CVE-2023-47726 Published on June 18, 2024

IBM QRadar Suite improper input validation
IBM QRadar Suite Software 1.10.12.0 through 1.10.21.0 and IBM Cloud Pak for Security 1.10.12.0 through 1.10.21.0 could allow an authenticated user to execute certain arbitrary commands due to improper input validation. IBM X-Force ID: 272087.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2023-47726 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity, and no impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
LOW
Availability Impact:
NONE

Weakness Type

Improper Validation of Specified Type of Input

The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.


Products Associated with CVE-2023-47726

stack.watch emails you whenever new vulnerabilities are published in IBM Qradar Suite or IBM Cloud Pak For Security. Just hit a watch button to start following.

IBM Qradar Suite
 
IBM Cloud Pak For Security
 

Affected Versions

IBM QRadar Suite Software: IBM Cloud Pak for Security:

Exploit Probability

EPSS
0.10%
Percentile
27.88%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.