CVE-2024-56462 PUBLISHED

IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

Assigner: ibm
Reserved: 26.12.2024 Published: 27.05.2026 Updated: 27.05.2026

IBM QRadar 7.5.0 through 7.5.0 UP15 Interim Fix 002 could allow a privileged user to upload a malicious backup archive that could be restored and used to gain access to the underlying operating system.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 7.2

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	High	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	IBM
Product	QRadar
Versions	affected from 7.5.0 to 7.5.0 UP15 Interim Fix 002 (incl.)

Solutions

IBM strongly encourages customers to update their systems promptly.

ProductVersionFixIBM QRadar SIEM 7.5.0 7.5.0 UP15 IF03 https://www.ibm.com/support/fixcentral/swg/selectFix

References

https://www.ibm.com/support/pages/node/7273957

Problem Types

CWE-530 Exposure of Backup File to an Unauthorized Control Sphere CWE