Detections
Analytics

IBM QRadar SIEM 7.5.x < 7.5.0 UP15 IF03 Multiple Vulnerabilities

critical Nessus Plugin ID 318676

Synopsis

The remote IBM QRadar SIEM host is affected by multiple vulnerabilities.

Description

According to its self-reported version, the IBM QRadar SIEM installation on the remote host is 7.5.x prior to 7.5.0 Update Pack 15 Interim Fix 03. It is, therefore, affected by multiple vulnerabilities:

 - XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack that can cause heap corruption and crashes when parsing XML with very deep element nesting.
 (CVE-2006-10003)

 - In the Linux kernel, a heap overflow vulnerability exists in the nfsd subsystem that allows a remote attacker to execute arbitrary code or cause a denial of service. (CVE-2026-31402)

 - A use-after-free was possible in the Python lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile when a memory allocation fails with a MemoryError and the decompression instance is re-used. (CVE-2026-6100)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update IBM QRadar SIEM to version 7.5.0 Update Pack 15 Interim Fix 03 or later.

See Also

https://www.ibm.com/support/pages/node/7273957

https://www.ibm.com/support/pages/node/7272263

Plugin Details

Severity: Critical

ID: 318676

File Name: ibm_qradar_siem_7_5_0_up15_if03.nasl

Version: 1.1

Type: Local

Agent: unix

Family: Misc.

Published: 6/4/2026

Updated: 6/4/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.6

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2026-31402

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:ibm:qradar_security_information_and_event_manager

Required KB Items: installed_sw/IBM QRadar

Patch Publication Date: 5/27/2026

Vulnerability Publication Date: 5/27/2026

Reference Information

CVE: CVE-2006-10002, CVE-2006-10003, CVE-2024-41073, CVE-2024-56462, CVE-2025-40252, CVE-2025-68724, CVE-2025-68741, CVE-2026-1519, CVE-2026-23191, CVE-2026-23401, CVE-2026-27135, CVE-2026-28417, CVE-2026-28421, CVE-2026-31402, CVE-2026-31431, CVE-2026-33412, CVE-2026-34982, CVE-2026-35385, CVE-2026-35386, CVE-2026-35387, CVE-2026-35388, CVE-2026-35414, CVE-2026-35535, CVE-2026-4424, CVE-2026-4786, CVE-2026-5121, CVE-2026-6100