CVE-2020-4280
Severity CVSS v4.0:
Pending analysis
Type:
CWE-502
Deserialization of Untrusted Dat
Publication date:
08/10/2020
Last modified:
29/06/2022
Description
IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 176140.
Impact
Base Score 3.x
8.80
Severity 3.x
HIGH
Base Score 2.0
9.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ibm:qradar_security_information_and_event_manager:*:*:*:*:*:*:*:* | 7.3.0 (including) | 7.3.3 (including) |
| cpe:2.3:a:ibm:qradar_security_information_and_event_manager:*:*:*:*:general_availability:*:*:* | 7.4.0 (including) | 7.4.1 (including) |
| cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:p1:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:p2:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:p3:*:*:*:*:*:* | ||
| cpe:2.3:a:ibm:qradar_security_information_and_event_manager:7.3.3:p4:*:*:*:*:*:* | ||
| cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page