First published: Thu Oct 08 2020
IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 176140.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM QRadar Security Information and Event Manager | >=7.3.0, <=7.3.3 | |
IBM QRadar Security Information and Event Manager | >=7.4.0, <=7.4.1 | |
IBM QRadar Security Information and Event Manager | =7.3.3-p1 | |
IBM QRadar Security Information and Event Manager | =7.3.3-p2 | |
IBM QRadar Security Information and Event Manager | =7.3.3-p3 | |
IBM QRadar Security Information and Event Manager | =7.3.3-p4 | |
Linux Linux kernel | | |
CVE-2020-4280 is a vulnerability in IBM QRadar SIEM 7.3 and 7.4 that could allow a remote attacker to execute arbitrary commands on the system.
CVE-2020-4280 occurs due to insecure deserialization of user-supplied content by the Java deserialization function in IBM QRadar SIEM 7.3 and 7.4.
CVE-2020-4280 is rated as critical with a severity score of 8.8.
CVE-2020-4280 affects IBM QRadar SIEM 7.3.0 to 7.3.3-p4 and 7.4.0 to 7.4.1.
CVE-2020-4280 can be exploited by sending a malicious serialized Java object.