CVE-2023-47726

IBM QRadar Suite Software 1.10.12.0 through 1.10.21.0 and IBM Cloud Pak for Security 1.10.12.0 through 1.10.21.0 could allow an authenticated user to execute certain arbitrary commands due to improper input validation. IBM X-Force ID: 272087.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/272087	Vendor Advisory
https://https://www.ibm.com/support/pages/node/7157750	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/272087	Vendor Advisory
https://https://www.ibm.com/support/pages/node/7157750	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:cloud_pak_for_security::::::::
	cpe:2.3:a:ibm:qradar_suite::::::::

History

No history.

Information

Published : 2024-06-18 14:15

Updated : 2025-08-08 01:31

NVD link : CVE-2023-47726

Mitre link : CVE-2023-47726

CVE.ORG link : CVE-2023-47726

JSON object : View

Products Affected

ibm

cloud_pak_for_security
qradar_suite

CWE

CWE-1287

Improper Validation of Specified Type of Input

{"id": "CVE-2023-47726", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-06-18T14:15:10.317", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/272087", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://https://www.ibm.com/support/pages/node/7157750", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/272087", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://https://www.ibm.com/support/pages/node/7157750", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-1287"}]}], "descriptions": [{"lang": "en", "value": "IBM QRadar Suite Software 1.10.12.0 through 1.10.21.0 and IBM Cloud Pak for Security 1.10.12.0 through 1.10.21.0 could allow an authenticated user to execute certain arbitrary commands due to improper input validation. IBM X-Force ID: 272087."}, {"lang": "es", "value": "IBM QRadar Suite Software 1.10.12.0 a 1.10.21.0 e IBM Cloud Pak for Security 1.10.12.0 a 1.10.21.0 podr\u00edan permitir que un usuario autenticado ejecute ciertos comandos arbitrarios debido a una validaci\u00f3n de entrada incorrecta. ID de IBM X-Force: 272087."}], "lastModified": "2025-08-08T01:31:48.983", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cloud_pak_for_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D07D2F97-3C9C-4829-B5A8-AB6225208855", "versionEndIncluding": "1.10.21.0", "versionStartIncluding": "1.10.12.0"}, {"criteria": "cpe:2.3:a:ibm:qradar_suite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42C9A369-ABBD-47AB-99F6-039A4B7FA4EE", "versionEndIncluding": "1.10.21.0", "versionStartIncluding": "1.10.12.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}