CVE-2023-47726

IBM QRadar Suite Software 1.10.12.0 through 1.10.21.0 and IBM Cloud Pak for Security 1.10.12.0 through 1.10.21.0 could allow an authenticated user to execute certain arbitrary commands due to improper input validation. IBM X-Force ID: 272087.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/272087	Vendor Advisory
https://https://www.ibm.com/support/pages/node/7157750	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/272087	Vendor Advisory
https://https://www.ibm.com/support/pages/node/7157750	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ibm:cloud_pak_for_security::::::::
	cpe:2.3:a:ibm:qradar_suite::::::::

History

08 Aug 2025, 01:31

Type	Values Removed	Values Added
First Time		Ibm qradar Suite Ibm Ibm cloud Pak For Security
CPE		cpe:2.3:a:ibm:cloud_pak_for_security:::::::: cpe:2.3:a:ibm:qradar_suite::::::::
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/272087 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/272087 - Vendor Advisory
References	~~() https://https://www.ibm.com/support/pages/node/7157750 -~~	() https://https://www.ibm.com/support/pages/node/7157750 - Vendor Advisory

Information

Published : 2024-06-18 14:15

Updated : 2025-08-08 01:31

NVD link : CVE-2023-47726

Mitre link : CVE-2023-47726

CVE.ORG link : CVE-2023-47726

JSON object : View

Products Affected

ibm

cloud_pak_for_security
qradar_suite

CWE

CWE-1287

Improper Validation of Specified Type of Input

{"id": "CVE-2023-47726", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2024-06-18T14:15:10.317", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/272087", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://https://www.ibm.com/support/pages/node/7157750", "tags": ["Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/272087", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://https://www.ibm.com/support/pages/node/7157750", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "psirt@us.ibm.com", "description": [{"lang": "en", "value": "CWE-1287"}]}], "descriptions": [{"lang": "en", "value": "IBM QRadar Suite Software 1.10.12.0 through 1.10.21.0 and IBM Cloud Pak for Security 1.10.12.0 through 1.10.21.0 could allow an authenticated user to execute certain arbitrary commands due to improper input validation. IBM X-Force ID: 272087."}, {"lang": "es", "value": "IBM QRadar Suite Software 1.10.12.0 a 1.10.21.0 e IBM Cloud Pak for Security 1.10.12.0 a 1.10.21.0 podr\u00edan permitir que un usuario autenticado ejecute ciertos comandos arbitrarios debido a una validaci\u00f3n de entrada incorrecta. ID de IBM X-Force: 272087."}], "lastModified": "2025-08-08T01:31:48.983", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:cloud_pak_for_security:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D07D2F97-3C9C-4829-B5A8-AB6225208855", "versionEndIncluding": "1.10.21.0", "versionStartIncluding": "1.10.12.0"}, {"criteria": "cpe:2.3:a:ibm:qradar_suite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42C9A369-ABBD-47AB-99F6-039A4B7FA4EE", "versionEndIncluding": "1.10.21.0", "versionStartIncluding": "1.10.12.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}