CVE Vulnerabilities

CVE-2016-2879

Inadequate Encryption Strength

Published: Mar 01, 2017 | Modified: Mar 04, 2017
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

IBM QRadar 7.2 uses outdated hashing algorithms to hash certain passwords, which could allow a local user to obtain and decrypt user credentials. IBM Reference #: 1997341.

Weakness

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

Affected Software

Name Vendor Start Version End Version
Qradar_security_information_and_event_manager Ibm 7.2.7 7.2.7
Qradar_security_information_and_event_manager Ibm 7.2.0 7.2.0
Qradar_security_information_and_event_manager Ibm 7.2.4 7.2.4
Qradar_security_information_and_event_manager Ibm 7.2.6 7.2.6
Qradar_security_information_and_event_manager Ibm 7.2.1 7.2.1
Qradar_security_information_and_event_manager Ibm 7.2.5 7.2.5
Qradar_security_information_and_event_manager Ibm 7.2.2 7.2.2
Qradar_security_information_and_event_manager Ibm 7.2.3 7.2.3

Potential Mitigations

References