What is the vulnerability ID for this vulnerability?

The vulnerability ID for this vulnerability is CVE-2020-4510.

What is the severity of CVE-2020-4510?

The severity of CVE-2020-4510 is high (score: 7.6).

Which versions of IBM QRadar SIEM are affected by this vulnerability?

IBM QRadar SIEM versions 7.3.0 to 7.3.2, 7.3.3, 7.3.3-p1, 7.3.3-p2, 7.3.3-p3, 7.4.0, 7.4.0-p1, and 7.4.0-p2 are affected by this vulnerability.

What is the risk of this vulnerability?

This vulnerability could be exploited by a remote attacker to expose sensitive information or consume memory resources.

Vulnerability/
CVE-2020-4510

high

7.6

CWE

611

13/7/2020

4/8/2024

CVE-2020-4510: XEE

Q: What is the title of this vulnerability?

The title of this vulnerability is 'IBM QRadar is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.'

First published: Mon Jul 13 2020(Updated: )

IBM QRadar is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM QRadar Security Information and Event Manager	>=7.3.0<=7.3.2
IBM QRadar Security Information and Event Manager	=7.3.3
IBM QRadar Security Information and Event Manager	=7.3.3-p1
IBM QRadar Security Information and Event Manager	=7.3.3-p2
IBM QRadar Security Information and Event Manager	=7.3.3-p3
IBM QRadar Security Information and Event Manager	=7.4.0
IBM QRadar Security Information and Event Manager	=7.4.0-p1
IBM QRadar Security Information and Event Manager	=7.4.0-p2

Remedy

https://www.ibm.com/support/pages/node/6246133

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6246133

Frequently Asked Questions

What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2020-4510.
What is the title of this vulnerability?
The title of this vulnerability is 'IBM QRadar is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.'
What is the severity of CVE-2020-4510?
The severity of CVE-2020-4510 is high (score: 7.6).
Which versions of IBM QRadar SIEM are affected by this vulnerability?
IBM QRadar SIEM versions 7.3.0 to 7.3.2, 7.3.3, 7.3.3-p1, 7.3.3-p2, 7.3.3-p3, 7.4.0, 7.4.0-p1, and 7.4.0-p2 are affected by this vulnerability.
What is the risk of this vulnerability?
This vulnerability could be exploited by a remote attacker to expose sensitive information or consume memory resources.

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/severity
agent/remedy
agent/last-modified-date
agent/author
agent/weakness
agent/description
agent/tags
agent/event
collector/ibm-support
source/IBM
vendor/ibm
canonical/ibm qradar security information and event manager
version/ibm qradar security information and event manager/7.3.0
version/ibm qradar security information and event manager/7.3.2
version/ibm qradar security information and event manager/7.3.3
version/ibm qradar security information and event manager/7.3.3-p1
version/ibm qradar security information and event manager/7.3.3-p2
version/ibm qradar security information and event manager/7.3.3-p3
version/ibm qradar security information and event manager/7.4.0
version/ibm qradar security information and event manager/7.4.0-p1
version/ibm qradar security information and event manager/7.4.0-p2