Vulnerability Database

CVE-2020-4789

IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 189302.

  • Published: Jan 27, 2021
  • Updated: Apr 14, 2023
  • CVE: CVE-2020-4789
  • Severity: Medium
  • Exploit:

CVSS v3:

  • Severity: Medium
  • Score: 6.5
  • AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

  • Severity: Low
  • Score: 4
  • AV:N/AC:L/Au:S/C:P/I:N/A:N

| Software | From | Fixed in |
|---|---|---|
| ibm / qradar_security_information_and_event_manager | 7.3.1-p4 | 7.3.1-p4.x |
| ibm / qradar_security_information_and_event_manager | 7.3.1-p3 | 7.3.1-p3.x |
| ibm / qradar_security_information_and_event_manager | 7.3.1-p6 | 7.3.1-p6.x |
| ibm / qradar_security_information_and_event_manager | 7.3.1-p5 | 7.3.1-p5.x |
| ibm / qradar_security_information_and_event_manager | 7.3.1 | 7.3.1.x |
| ibm / qradar_security_information_and_event_manager | 7.3.2 | 7.3.2.x |
| ibm / qradar_security_information_and_event_manager | 7.3.0 | 7.3.0.x |
| ibm / qradar_security_information_and_event_manager | 7.3.2-p1 | 7.3.2-p1.x |
| ibm / qradar_security_information_and_event_manager | 7.3.2-p2 | 7.3.2-p2.x |
| ibm / qradar_security_information_and_event_manager | 7.3.2-p3 | 7.3.2-p3.x |
| ibm / qradar_security_information_and_event_manager | 7.3.2-p4 | 7.3.2-p4.x |
| ibm / qradar_security_information_and_event_manager | 7.3.3-p1 | 7.3.3-p1.x |
| ibm / qradar_security_information_and_event_manager | 7.3.3 | 7.3.3.x |
| ibm / qradar_security_information_and_event_manager | 7.3.3-p2 | 7.3.3-p2.x |
| ibm / qradar_security_information_and_event_manager | 7.4.0-p1 | 7.4.0-p1.x |
| ibm / qradar_security_information_and_event_manager | 7.4.0-p2 | 7.4.0-p2.x |
| ibm / qradar_security_information_and_event_manager | 7.3.3-p3 | 7.3.3-p3.x |
| ibm / qradar_security_information_and_event_manager | 7.4.0 | 7.4.0.x |
| ibm / qradar_security_information_and_event_manager | 7.3.3-p4 | 7.3.3-p4.x |
| ibm / qradar_security_information_and_event_manager | 7.4.1 | 7.4.1.x |
| ibm / qradar_security_information_and_event_manager | 7.4.1-patch1 | 7.4.1-patch1.x |
| ibm / qradar_security_information_and_event_manager | 7.3.3-p5 | 7.3.3-p5.x |
| ibm / qradar_security_information_and_event_manager | 7.3.2-interim_fix_01 | 7.3.2-interim_fix_01.x |
| ibm / qradar_security_information_and_event_manager | 7.3.2-interim_fix_02 | 7.3.2-interim_fix_02.x |
| ibm / qradar_security_information_and_event_manager | 7.4.2-p1 | 7.4.2-p1.x |
| ibm / qradar_security_information_and_event_manager | 7.4.2 | 7.4.2.x |