What is the severity of CVE-2020-4364?

CVE-2020-4364 is classified as a high-severity vulnerability due to its potential for credential disclosure and impact on user session security.

How do I fix CVE-2020-4364?

To remediate CVE-2020-4364, upgrade IBM QRadar Security Information and Event Manager to the latest version available that addresses this vulnerability.

Which versions of IBM QRadar are affected by CVE-2020-4364?

CVE-2020-4364 affects IBM QRadar versions 7.3.0 to 7.3.2, 7.3.3, and 7.4.0.

What type of vulnerability is CVE-2020-4364?

CVE-2020-4364 is a cross-site scripting (XSS) vulnerability that allows the injection of arbitrary JavaScript code into the Web UI.

What are the potential impacts of CVE-2020-4364?

The potential impacts of CVE-2020-4364 include unauthorized disclosure of credentials and alteration of the intended functionality within a trusted user session.

Vulnerability/
CVE-2020-4364

medium

5.4

CWE

13/7/2020

14/7/2020

17/9/2024

CVE-2020-4364: XSS

First published: Mon Jul 13 2020(Updated: )

IBM QRadar is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM QRadar Security Information and Event Manager	>=7.3.0<=7.3.2
IBM QRadar Security Information and Event Manager	=7.3.3
IBM QRadar Security Information and Event Manager	=7.3.3-p1
IBM QRadar Security Information and Event Manager	=7.3.3-p2
IBM QRadar Security Information and Event Manager	=7.3.3-p3
IBM QRadar Security Information and Event Manager	=7.4.0
IBM QRadar Security Information and Event Manager	=7.4.0-p1
IBM QRadar Security Information and Event Manager	=7.4.0-p2

Remedy

https://www.ibm.com/support/pages/node/6246139

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6246139

Frequently Asked Questions

What is the severity of CVE-2020-4364?
CVE-2020-4364 is classified as a high-severity vulnerability due to its potential for credential disclosure and impact on user session security.
How do I fix CVE-2020-4364?
To remediate CVE-2020-4364, upgrade IBM QRadar Security Information and Event Manager to the latest version available that addresses this vulnerability.
Which versions of IBM QRadar are affected by CVE-2020-4364?
CVE-2020-4364 affects IBM QRadar versions 7.3.0 to 7.3.2, 7.3.3, and 7.4.0.
What type of vulnerability is CVE-2020-4364?
CVE-2020-4364 is a cross-site scripting (XSS) vulnerability that allows the injection of arbitrary JavaScript code into the Web UI.
What are the potential impacts of CVE-2020-4364?
The potential impacts of CVE-2020-4364 include unauthorized disclosure of credentials and alteration of the intended functionality within a trusted user session.

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
agent/first-publish-date
collector/ibm-support
source/IBM
agent/weakness
agent/remedy
agent/severity
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/trending
agent/tags
agent/source
vendor/ibm
canonical/ibm qradar security information and event manager
version/ibm qradar security information and event manager/7.3.0
version/ibm qradar security information and event manager/7.3.2
version/ibm qradar security information and event manager/7.3.3
version/ibm qradar security information and event manager/7.3.3-p1
version/ibm qradar security information and event manager/7.3.3-p2
version/ibm qradar security information and event manager/7.3.3-p3
version/ibm qradar security information and event manager/7.4.0
version/ibm qradar security information and event manager/7.4.0-p1
version/ibm qradar security information and event manager/7.4.0-p2