VYPR
← All advisories
High severity7.2NVD Advisory· Published May 27, 2026· Updated May 27, 2026

CVE-2024-56462

CVE-2024-56462

Description

IBM QRadar 7.5.0 through 7.5.0 UP15 Interim Fix 002 could allow a privileged user to upload a malicious backup archive that could be restored and used to gain access to the underlying operating system.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A privileged QRadar user can upload a malicious backup archive that, when restored, gains access to the underlying OS.

Vulnerability

IBM QRadar 7.5.0 through 7.5.0 UP15 Interim Fix 002 contains a vulnerability that allows a privileged user to upload a malicious backup archive. When the archive is restored, the attacker can leverage it to gain access to the underlying operating system [1]. The affected versions are explicitly listed as 7.5.0 through 7.5.0 UP15 Interim Fix 002.

Exploitation

An attacker must already have a privileged user account on the QRadar system. With that privilege, the attacker can upload a specially crafted backup archive. The malicious archive must be restored, either by the attacker or by an administrator, to trigger the exploitation [1]. The exact steps beyond uploading and restoring the archive are not detailed in the available reference.

Impact

Successful exploitation allows the attacker to gain access to the underlying operating system of the QRadar host. This represents a full compromise of the system’s OS, potentially leading to data disclosure, service disruption, or further propagation [1]. The impact is rated as High with a CVSS v3 score of 7.2.

Mitigation

IBM has released a security bulletin acknowledging this vulnerability [1]. As of the publication date (2026-05-27), no specific fix version is named in the available reference. Users should monitor the IBM support page for an update or apply the next interim fix when available. If no fix exists, consider restricting the ability to upload and restore backup archives to only trusted, authorized users [1].

References
  1. Security Bulletin: IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1
  • IBM/QRadarllm-fuzzy
    Range: >=7.5.0 <=7.5.0 UP15 Interim Fix 002

Patches

0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

1

News mentions

0

No linked articles in our index yet.