IBM Security Bulletin: IBM QRadar SIEM contains hard-coded credentials (CVE-2016-2880)

An IBM QRadar SIEM user with shell access could obtain the encryption key used to encrypt certain passwords.

CVE(s): CVE-2016-2880

Affected product(s) and affected version(s):

IBM QRadar SIEM 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2lPzhbO
X-Force Database: http://ift.tt/2lknJd1

The post IBM Security Bulletin: IBM QRadar SIEM contains hard-coded credentials (CVE-2016-2880) appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team http://ift.tt/2lPxO57