IBM QRadar Security Information and Event Manager
61 CVEs affecting IBM QRadar Security Information and Event Manager. Latest disclosed: 2026-05-27. Critical: 0, High: 17.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-1696 | High | 8.8 | 2017-12-20 | IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an atta… |
| CVE-2016-9726 | High | 8.8 | 2017-03-07 | IBM QRadar Incident Forensics 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted reque… |
| CVE-2016-2873 | High | 8.8 | 2016-11-30 | SQL injection vulnerability in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allows remote authenticated users to execute arbitrary SQL commands… |
| CVE-2016-2875 | High | 8.8 | 2016-08-08 | IBM Security QRadar SIEM 7.1.x and 7.2.x before 7.2.7 allows remote authenticated users to execute arbitrary OS commands as root via unspecified vectors. |
| CVE-2016-9727 | High | 8.5 | 2017-03-07 | IBM QRadar 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker cou… |
| CVE-2016-9724 | High | 8.1 | 2017-03-07 | IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could e… |
| CVE-2016-2878 | High | 8.0 | 2016-11-30 | Multiple cross-site request forgery (CSRF) vulnerabilities in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote attackers to hijack the… |
| CVE-2016-2880 | High | 7.8 | 2017-03-01 | IBM QRadar 7.2 stores the encryption key used to encrypt the service account password which can be obtained by a local user. IBM Reference #: 1997340. |
| CVE-2016-2879 | High | 7.8 | 2017-03-01 | IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials. IBM Reference… |
| CVE-2016-2871 | High | 7.8 | 2016-11-30 | IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive inf… |
| CVE-2017-1162 | High | 7.5 | 2017-09-12 | IBM QRadar 7.2 and 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force I… |
| CVE-2016-9738 | High | 7.5 | 2017-06-27 | IBM QRadar 7.2 and 7.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IB… |
| CVE-2016-9740 | High | 7.5 | 2017-03-07 | IBM QRadar 7.2 could allow a remote attacker to consume all resources on the server due to not properly restricting the size or amount of resources requested b… |
| CVE-2016-9728 | High | 7.5 | 2017-03-07 | IBM QRadar 7.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, informati… |
| CVE-2016-2876 | High | 7.5 | 2016-11-30 | IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 executes unspecified processes at an incorrect privilege level, which makes it easier for remote a… |
| CVE-2015-4956 | High | 7.4 | 2016-02-15 | The Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 allows remote authenticated users to execute unspecified OS commands via unknown vectors. |
| CVE-2024-56462 | High | 7.2 | 2026-05-27 | IBM QRadar 7.5.0 through 7.5.0 UP15 Interim Fix 002 could allow a privileged user to upload a malicious backup archive that could be restored and used to gain… |
| CVE-2016-9750 | Medium | 6.5 | 2017-05-15 | IBM QRadar 7.2 and 7.3 stores user credentials in clear text which can be read by an authenticated user. IBM X-Force ID: 120207. |
| CVE-2016-9729 | Medium | 6.5 | 2017-03-07 | IBM QRadar 7.2 does not perform an authentication check for a critical resource or functionality allowing anonymous users access to protected areas. IBM Refere… |
| CVE-2016-2881 | Medium | 6.5 | 2016-11-30 | IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 and QRadar Incident Forensics 7.2 before 7.2.7 allow remote attackers to bypass intended access re… |