CVE-2024-56462
Analyzed - Analysis Complete
Privileged Backup Restoration in IBM QRadar

Publication date: 2026-05-27

Last updated on: 2026-06-05

Assigner: IBM Corporation

Description
IBM QRadar 7.5.0 through 7.5.0 UP15 Interim Fix 002 could allow a privileged user to upload a malicious backup archive that could be restored and used to gain access to the underlying operating system.
Meta Information

Published: 2026-05-27
Last Modified: 2026-06-05
Generated: 2026-06-16
AI Q&A: 2026-05-27
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 22 associated CPEs
Vendor Product Version / Range
ibm qradar_security_information_and_event_manager 7.5.0
CWE ID Description
CWE-530 A backup file is stored in a directory or archive that is made accessible to unauthorized actors.
CWE-552 The product makes files or directories accessible to unauthorized actors, even though they should not be.
Executive Summary

CVE-2024-56462 is a vulnerability in IBM QRadar versions 7.5.0 through 7.5.0 UP15 Interim Fix 002 that allows a privileged user to upload a malicious backup archive. This malicious archive can then be restored, which could enable the attacker to gain access to the underlying operating system.

Impact Analysis

This vulnerability can have a significant impact: a privileged user can escalate their access by uploading and restoring a malicious backup archive. The result could be unauthorized access to the underlying operating system, potentially compromising the entire system's security and leading to data breaches, system manipulation, or further exploitation.

Mitigation Strategies

To mitigate CVE-2024-56462, it is important to apply the IBM QRadar SIEM 7.5.0 UP15 Interim Fix 03 (IF03), which updates affected components to patched versions.

This fix addresses multiple vulnerabilities, including the one allowing a privileged user to upload a malicious backup archive that could be restored to gain operating system access.

Applying the provided fix is the recommended immediate step to reduce the risk of exploitation.
