Published: 08/10/2020 Updated: 29/06/2022

CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 802

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Subscribe to Qradar Security Information And Event Manager

IBM QRadar SIEM 7.3 and 7.4 could allow a remote malicious user to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 176140.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ibm qradar_security_information_and_event_manager
ibm qradar_security_information_and_event_manager 7.3.3

A Java deserialization vulnerability exists in the QRadar RemoteJavaScript Servlet An authenticated user can call one of the vulnerable methods and cause the Servlet to deserialize arbitrary objects An attacker can exploit this vulnerability by creating a specially crafted (serialized) object, which amongst other things can result in a denial of ...

Full Disclosure mailing list archives   By Date By Thread </form>    Java deserialization vulnerability in QRadar RemoteJavaScript Servlet  <!--X-Head-of-Messag ...

CWE-502 https://exchange.xforce.ibmcloud.com/vulnerabilities/176140 https://www.ibm.com/support/pages/node/6344079 http://seclists.org/fulldisclosure/2020/Oct/18 http://packetstormsecurity.com/files/159589/QRadar-RemoteJavaScript-Deserialization.html https://nvd.nist.gov https://packetstormsecurity.com/files/159589/QRadar-RemoteJavaScript-Deserialization.html

CVE-2020-4280

Vulnerability Summary

Vulnerability Trend

Exploits

Mailing Lists

References

Vulmon Search

About

Products

Connect