CVE-2020-4280

MEDIUM6.3

High EPSS

Description

IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 176140.

CVSS breakdown

CVSS 3.0

Attack Complexity

Low

Availability

Low

Integrity

Low

Confidentiality

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Attack Vector

Network

Unchanged

Changed

Affected products

ibm / QRadar SIEM7.3.0 – 7.3.0
ibm / QRadar SIEM7.3.3.Patch.4 – 7.3.3.Patch.4
ibm / QRadar SIEM7.4.0 – 7.4.0
ibm / QRadar SIEM7.4.1 – 7.4.1

References

MISChttps://www.ibm.com/support/pages/node/6344079
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/176140
MAILING_LISThttp://seclists.org/fulldisclosure/2020/Oct/18
EXPLOIThttp://packetstormsecurity.com/files/159589/QRadar-RemoteJavaScript-Deserialization.html