IBM QRadar 7.5.0 Backup Upload RCE via Malicious Archive
CVE-2024-56462 Published on May 27, 2026

IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
IBM QRadar 7.5.0 through 7.5.0 UP15 Interim Fix 002 could allow a privileged user to upload a malicious backup archive that could be restored and used to gain access to the underlying operating system.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2024-56462 is exploitable with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

Exposure of Backup File to an Unauthorized Control Sphere

A backup file is stored in a directory or archive that is made accessible to unauthorized actors. Often, older backup files are renamed with an extension such as .~bk to distinguish them from production files. The source code for old files that have been renamed in this manner and left in the webroot can often be retrieved. This renaming may have been performed automatically by the web server, or manually by the administrator.

Products Associated with CVE-2024-56462

Want to know whenever a new CVE is published for IBM Qradar? stack.watch will email you.

IBM Qradar

Affected Versions

IBM QRadar:

Version 7.5.0, <= 7.5.0 UP15 Interim Fix 002 is affected.

IBM QRadar 7.5.0 Backup Upload RCE via Malicious ArchiveCVE-2024-56462 Published on May 27, 2026

Vulnerability Analysis

Weakness Type

Exposure of Backup File to an Unauthorized Control Sphere

Products Associated with CVE-2024-56462

Affected Versions

IBM QRadar 7.5.0 Backup Upload RCE via Malicious Archive
CVE-2024-56462 Published on May 27, 2026