CVE-2020-4280

CVSS 6.3 MEDIUMEPSS 73.5%

In short

IBM QRadar SIEM versions 7.3 and 7.4 have a flaw that allows attackers to run malicious commands on the server by sending specially crafted data. This happens because the software unsafely processes Java objects without proper validation.

Technical detail

The vulnerability exists in the Java deserialization function of QRadar SIEM 7.3/7.4, where user-supplied serialized objects are processed without adequate validation. An unauthenticated remote attacker can send a malicious serialized Java object to trigger arbitrary command execution on the affected system.

Summary generated and translated by AI from the official description.

IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 176140.

CVSS:3.0/AC:L/A:L/I:L/C:L/PR:L/UI:N/S:U/AV:N/E:U/RC:C/RL:O

Affected products

IBM · QRadar SIEM

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/159589/QRadar-RemoteJavaScript-Deserialization.html http://seclists.org/fulldisclosure/2020/Oct/18 https://exchange.xforce.ibmcloud.com/vulnerabilities/176140 https://www.ibm.com/support/pages/node/6344079