CVE-2024-56462
Analyzed Analyzed - Analysis Complete

Privileged Backup Restoration in IBM QRadar

Vulnerability report for CVE-2024-56462, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-05-27

Last updated on: 2026-06-05

Assigner: IBM Corporation

Description

IBM QRadar 7.5.0 through 7.5.0 UP15 Interim Fix 002 could allow a privileged user to upload a malicious backup archive that could be restored and used to gain access to the underlying operating system.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-05-27
Last Modified
2026-06-05
Generated
2026-07-07
AI Q&A
2026-05-27
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 22 associated CPEs
Vendor Product Version / Range
ibm qradar_security_information_and_event_manager 7.5.0
ibm qradar_security_information_and_event_manager 7.5.0
ibm qradar_security_information_and_event_manager 7.5.0
ibm qradar_security_information_and_event_manager 7.5.0
ibm qradar_security_information_and_event_manager 7.5.0
ibm qradar_security_information_and_event_manager 7.5.0
ibm qradar_security_information_and_event_manager 7.5.0
ibm qradar_security_information_and_event_manager 7.5.0
ibm qradar_security_information_and_event_manager 7.5.0
ibm qradar_security_information_and_event_manager 7.5.0
ibm qradar_security_information_and_event_manager 7.5.0
ibm qradar_security_information_and_event_manager 7.5.0
ibm qradar_security_information_and_event_manager 7.5.0
ibm qradar_security_information_and_event_manager 7.5.0
ibm qradar_security_information_and_event_manager 7.5.0
ibm qradar_security_information_and_event_manager 7.5.0
ibm qradar_security_information_and_event_manager 7.5.0
ibm qradar_security_information_and_event_manager 7.5.0
ibm qradar_security_information_and_event_manager 7.5.0
ibm qradar_security_information_and_event_manager 7.5.0
ibm qradar_security_information_and_event_manager 7.5.0
ibm qradar_security_information_and_event_manager 7.5.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-552 The product makes files or directories accessible to unauthorized actors, even though they should not be.
CWE-530 A backup file is stored in a directory or archive that is made accessible to unauthorized actors.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2024-56462 is a vulnerability in IBM QRadar versions 7.5.0 through 7.5.0 UP15 Interim Fix 002 that allows a privileged user to upload a malicious backup archive. This malicious archive can then be restored, which could enable the attacker to gain access to the underlying operating system.

Impact Analysis

This vulnerability can have a significant impact as it allows a privileged user to escalate their access by uploading and restoring a malicious backup archive. This could lead to unauthorized access to the underlying operating system, potentially compromising the entire system's security, leading to data breaches, system manipulation, or further exploitation.

Mitigation Strategies

To mitigate CVE-2024-56462, it is important to apply the IBM QRadar SIEM 7.5.0 UP15 Interim Fix 03 (IF03), which updates affected components to patched versions.

This fix addresses multiple vulnerabilities, including the one allowing a privileged user to upload a malicious backup archive that could be restored to gain operating system access.

Applying the provided fix is the recommended immediate step to reduce the risk of exploitation.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-56462. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart