Vulnerability Details: CVE-2014-0838
The AutoUpdate package before 6.4 for IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to execute arbitrary console commands by leveraging control of the server.
Exploit prediction scoring system (EPSS) score for CVE-2014-0838
Probability of exploitation activity in the next 30 days: 0.64%
Percentile, the proportion of vulnerabilities that are scored at or less: ~76%
CVSS scores for CVE-2014-0838
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
References for CVE-2014-0838
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90681
  IBM QRadar Security Information and Event Management AutoUpdate command execution CVE-2014-0838 Vulnerability Report
- http://www.securityfocus.com/bid/65127
  IBM QRadar Security Information and Event Manager Multiple Security Vulnerabilities
- http://www-01.ibm.com/support/docview.wss?uid=swg21663066
  IBM Security Bulletin: Multiple vulnerabilities in IBM QRadar SIEM (CVE-2014-0838, CVE-2014-0835, CVE-2014-0836, CVE-2014-0837) (Vendor Advisory)
Products affected by CVE-2014-0838
- cpe:2.3:a:ibm:qradar_security_information_and_event_manager:*:*:*:*:*:*:*:*