CVE-2015-2011
IBM QRadar SIEM 7.1 MR2-7.2.x - Authenticated Remote Code Execution via xmlrpc.cgi
Title source: llmDescription
The xmlrpc.cgi Webmin script in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21965817
Scores
EPSS
0.0221
EPSS Percentile
80.3%
Details
CWE
CWE-77
Status
published
Products (6)
ibm/qradar_security_information_and_event_manager
7.1.0
ibm/qradar_security_information_and_event_manager
7.2.0
ibm/qradar_security_information_and_event_manager
7.2.1
ibm/qradar_security_information_and_event_manager
7.2.2
ibm/qradar_security_information_and_event_manager
7.2.3
ibm/qradar_security_information_and_event_manager
7.2.4
Published
Oct 04, 2015
Tracked Since
Feb 18, 2026