Primary

Context

IBM QRadar SIEM XML External Entity Injection Vulnerability

Vulnerability

Patched

An XML external entity injection (XXE) vulnerability has been identified in IBM QRadar SIEM versions 7.5 through 7.5.0 Update Package 12. This vulnerability arises when the application processes XML data, allowing remote attackers to exploit it to access sensitive information or deplete memory resources.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information or excessive memory consumption, potentially causing a denial-of-service condition.

Remediation

Users are advised to update to IBM QRadar SIEM version 7.5.0 Update Package 12 Interim Fix 02.

Added: Jun 19, 2025, 6:18 PM

Updated: Jun 19, 2025, 6:18 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

3.1

exploitability

7.0

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

3.1

exploitability

7.0

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

IBM QRadar SIEM XML External Entity Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

IBM QRadar SIEM

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating