CVE-2016-2877

{"id": "CVE-2016-2877", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.8}]}, "published": "2016-11-30T18:59:05.813", "references": [{"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987773", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "http://www.securityfocus.com/bid/95002", "source": "psirt@us.ibm.com"}, {"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21987773", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/95002", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-275"}]}], "descriptions": [{"lang": "en", "value": "IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses weak permissions for unspecified directories under the web root, which allows local users to modify data by writing to a file."}, {"lang": "es", "value": "IBM QRadar SIEM 7.1 en versiones anteriores a MR2 Patch 13 y 7.2 en versiones anteriores a 7.2.7 utiliza permisos d\u00e9biles para directorios no especificados bajo la ra\u00edz web, lo que permite a usuarios locales modificar datos escribiendo en un archivo."}], "lastModified": "2024-11-21T02:48:59.587", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:*:mr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "171FA49F-E938-4F8E-A0D5-5462960FBEBE", "versionEndIncluding": "7.1.0"}, {"criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C137959-2279-4459-8A10-43AFE09E2641"}, {"criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39D53329-E729-43C1-8C67-EFA4C3F7BFBC"}, {"criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FC4EDCA-DF37-4366-B944-F342FA55EEFD"}, {"criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09D0DA15-7DC3-4B1E-9CD9-EFC7FE4C0FEA"}, {"criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76CA942D-70AD-4E0D-A28E-443FB7140A54"}, {"criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6BE1C0B-DCDE-40E9-80AE-F9117FA23F68"}, {"criteria": "cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE8844C7-52E1-45A0-AC51-B6F6F14DE38A"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}