Vulnerability Details CVE-2014-0838
The AutoUpdate package before 6.4 for IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to execute arbitrary console commands by leveraging control of the server.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.1%
CVSS Severity
CVSS v2 Score 7.5
References
- http://osvdb.org/102553
- http://www-01.ibm.com/support/docview.wss?uid=swg21663066
- http://www.securityfocus.com/bid/65127
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90681
- http://osvdb.org/102553
- http://www-01.ibm.com/support/docview.wss?uid=swg21663066
- http://www.securityfocus.com/bid/65127
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90681
Products affected by CVE-2014-0838
-
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:-
-
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.0.0
-
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.0.1
-
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.0
-
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.1
-
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.1.2
-
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2
-
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0