Description
IBM QRadar 7.5.0 through 7.5.0 UP15 Interim Fix 002 could allow a privileged user to upload a malicious backup archive that could be restored and used to gain access to the underlying operating system.
Published: 2026-05-27
Score: 7.2 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

IBM QRadar SIEM versions 7.5.0 through 7.5.0 UP15 Interim Fix 002 contain a flaw that lets a privileged user upload a crafted backup archive. When this archive is restored, the attacker can gain access to the underlying operating system, effectively enabling remote code execution. The vulnerability is identified as CWE-530 and CWE-552 and evaluated with a CVSS score of 7.2.

Affected Systems

IBM QRadar SIEM versions 7.5.0 through 7.5.0 UP15 Interim Fix 002 are affected; any installation running these releases without the interim fix is susceptible.

Risk and Exploitability

The flaw presents a high‑severity risk with a CVSS score of 7.2. The EPSS score is < 1%, and the vulnerability is not listed in CISA’s KEV catalog. The likely attack vector requires an authenticated privileged user who can upload a malicious backup file; once the file is restored, the attacker is able to execute code on the host operating system, potentially compromising the SIEM environment and accessing sensitive data.

Generated by OpenCVE AI on June 5, 2026 at 20:48 UTC.

Remediation

Vendor Solution

IBM strongly encourages customers to update their systems promptly.

Product: IBM QRadar SIEM
Version: 7.5.0
Fix: 7.5.0 UP15 IF03 https://www.ibm.com/support/fixcentral/swg/selectFix


OpenCVE Recommended Actions

  • Apply IBM QRadar SIEM 7.5.0 UP15 IF03 or a later patch immediately.
  • Restrict backup upload permissions so that only trusted administrators can upload or restore backup archives.
  • Monitor and audit backup upload and restore activities for anomalous behavior.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Ibm qradar Security Information And Event Manager
Weaknesses CWE-552
CPEs cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:-:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_10:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_11:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_12:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_13:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_13_interim_fix_01:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_13_interim_fix_02:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_14:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_14_interim_fix_01:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_14_interim_fix_02:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_15:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_15_interim_fix_01:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_15_interim_fix_02:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_1:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_2:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_3:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_4:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_5:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_6:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_7:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_8:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.5.0:update_pack_9:*:*:*:*:*:*
Vendors & Products Ibm qradar Security Information And Event Manager

Wed, 27 May 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description IBM QRadar 7.5.0 through 7.5.0 UP15 Interim Fix 002 could allow a privileged user to upload a malicious backup archive that could be restored and used to gain access to the underlying operating system.
Title IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
First Time appeared Ibm
Ibm qradar
Weaknesses CWE-530
CPEs cpe:2.3:a:ibm:qradar:7.5.0:*:*:*:*:*:*:*
cpe:2.3:a:ibm:qradar:7.5.0up15:interim_fix_002:*:*:*:*:*:*
Vendors & Products Ibm
Ibm qradar
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: ibm

Published:

Updated: 2026-05-27T14:48:10.590Z

Reserved: 2024-12-26T12:50:20.772Z

Link: CVE-2024-56462

Vulnrichment

Updated: 2026-05-27T14:48:06.866Z

NVD

Status: Analyzed

Published: 2026-05-27T14:16:41.417

Modified: 2026-06-05T18:57:53.623

Link: CVE-2024-56462

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T21:00:05Z

Weaknesses
  • CWE-530

    Exposure of Backup File to an Unauthorized Control Sphere

  • CWE-552

    Files or Directories Accessible to External Parties