Vulnerability Database

CVE-2020-4888

IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 190912.

  • Published: Jan 28, 2021
  • Updated: Apr 14, 2023
  • CVE: CVE-2020-4888
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 8.8
  • AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

  • Severity: High
  • Score: 9
  • AV:N/AC:L/Au:S/C:C/I:C/A:C

| Software | From | Fixed in |
|---|---|---|
| ibm / qradar_security_information_and_event_manager | 7.3.1-p4 | 7.3.1-p4.x |
| ibm / qradar_security_information_and_event_manager | 7.3.1-p3 | 7.3.1-p3.x |
| ibm / qradar_security_information_and_event_manager | 7.3.1-p6 | 7.3.1-p6.x |
| ibm / qradar_security_information_and_event_manager | 7.3.1-p5 | 7.3.1-p5.x |
| ibm / qradar_security_information_and_event_manager | 7.3.1 | 7.3.1.x |
| ibm / qradar_security_information_and_event_manager | 7.3.2 | 7.3.2.x |
| ibm / qradar_security_information_and_event_manager | 7.3.0 | 7.3.0.x |
| ibm / qradar_security_information_and_event_manager | 7.3.2-p1 | 7.3.2-p1.x |
| ibm / qradar_security_information_and_event_manager | 7.3.2-p2 | 7.3.2-p2.x |
| ibm / qradar_security_information_and_event_manager | 7.3.2-p3 | 7.3.2-p3.x |
| ibm / qradar_security_information_and_event_manager | 7.3.2-p4 | 7.3.2-p4.x |
| ibm / qradar_security_information_and_event_manager | 7.3.3-p1 | 7.3.3-p1.x |
| ibm / qradar_security_information_and_event_manager | 7.3.3 | 7.3.3.x |
| ibm / qradar_security_information_and_event_manager | 7.3.3-p2 | 7.3.3-p2.x |
| ibm / qradar_security_information_and_event_manager | 7.4.0-p1 | 7.4.0-p1.x |
| ibm / qradar_security_information_and_event_manager | 7.4.0-p2 | 7.4.0-p2.x |
| ibm / qradar_security_information_and_event_manager | 7.3.3-p3 | 7.3.3-p3.x |
| ibm / qradar_security_information_and_event_manager | 7.4.0 | 7.4.0.x |
| ibm / qradar_security_information_and_event_manager | 7.3.3-p4 | 7.3.3-p4.x |
| ibm / qradar_security_information_and_event_manager | 7.4.1 | 7.4.1.x |
| ibm / qradar_security_information_and_event_manager | 7.4.1-patch1 | 7.4.1-patch1.x |
| ibm / qradar_security_information_and_event_manager | 7.3.3-p5 | 7.3.3-p5.x |
| ibm / qradar_security_information_and_event_manager | 7.3.2-interim_fix_01 | 7.3.2-interim_fix_01.x |
| ibm / qradar_security_information_and_event_manager | 7.3.2-interim_fix_02 | 7.3.2-interim_fix_02.x |
| ibm / qradar_security_information_and_event_manager | 7.4.2-p1 | 7.4.2-p1.x |
| ibm / qradar_security_information_and_event_manager | 7.4.2 | 7.4.2.x |