CVE-2016-2868
Description
IBM Security QRadar SIEM 7.2.x before 7.2.7 allows remote authenticated administrators to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
IBM QRadar SIEM 7.2.x before 7.2.7 allows authenticated administrators to read arbitrary files via an XML External Entity (XXE) injection.
Vulnerability
IBM QRadar SIEM versions 7.2.x prior to 7.2.7 are vulnerable to an XML External Entity (XXE) injection in the user interface. A remote authenticated administrator can upload specially crafted XML data that contains an external entity declaration in conjunction with an entity reference, leading to the processing of untrusted XML. This issue is identified as CVE-2016-2868 [1].
Exploitation
An attacker must have valid administrator credentials and network access to the QRadar SIEM console. By uploading a malicious XML file containing an external entity reference, the attacker can trigger the XXE vulnerability. No user interaction beyond the initial upload is required [1].
Impact
Successful exploitation allows the attacker to read arbitrary files from the system, leading to information disclosure. The confidentiality impact is limited to file contents accessible by the QRadar process, with no impact on integrity or availability. The CVSS v3 base score is 2.7 (Low) [1].
Mitigation
IBM has addressed this vulnerability in QRadar SIEM version 7.2.7. Users should upgrade to this or a later release. No workarounds are available [1].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:ibm:qradar_security_information_and_event_manager:*:*:*:*:*:*:*:* Range: <=7.2.6
- Range: <7.2.7
Patches
No patches discovered yet.
References
- [1] www-01.ibm.com/support/docview.wss (source: nvd; tags: Patch, Vendor Advisory)