What is CVE-2020-4513?

CVE-2020-4513 is a vulnerability in IBM QRadar SIEM 7.3 and 7.4 that allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure.

How does CVE-2020-4513 affect IBM QRadar SIEM?

CVE-2020-4513 affects IBM QRadar SIEM 7.3 and 7.4, allowing users to inject malicious JavaScript code into the Web UI and potentially disclose credentials within a trusted session.

How severe is CVE-2020-4513?

CVE-2020-4513 has a severity score of 6.1, which is considered medium.

Which versions of IBM QRadar SIEM are affected by CVE-2020-4513?

IBM QRadar SIEM versions 7.3.0 to 7.3.2, 7.3.3, 7.4.0, and their corresponding maintenance releases (if applicable) are affected by CVE-2020-4513.

How can I fix CVE-2020-4513 in IBM QRadar SIEM?

To fix CVE-2020-4513, IBM provides patch updates for the affected versions of IBM QRadar SIEM. It is recommended to upgrade to the latest version and apply the necessary patches.

Vulnerability/
CVE-2020-4513

medium

6.1

CWE

13/7/2020

14/7/2020

17/9/2024

CVE-2020-4513: XSS

First published: Mon Jul 13 2020(Updated: )

IBM QRadar is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM QRadar Security Information and Event Manager	>=7.3.0<=7.3.2
IBM QRadar Security Information and Event Manager	=7.3.3
IBM QRadar Security Information and Event Manager	=7.3.3-p1
IBM QRadar Security Information and Event Manager	=7.3.3-p2
IBM QRadar Security Information and Event Manager	=7.3.3-p3
IBM QRadar Security Information and Event Manager	=7.4.0
IBM QRadar Security Information and Event Manager	=7.4.0-p1
IBM QRadar Security Information and Event Manager	=7.4.0-p2

Remedy

https://www.ibm.com/support/pages/node/6246131

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6246131

Frequently Asked Questions

What is CVE-2020-4513?
CVE-2020-4513 is a vulnerability in IBM QRadar SIEM 7.3 and 7.4 that allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure.
How does CVE-2020-4513 affect IBM QRadar SIEM?
CVE-2020-4513 affects IBM QRadar SIEM 7.3 and 7.4, allowing users to inject malicious JavaScript code into the Web UI and potentially disclose credentials within a trusted session.
How severe is CVE-2020-4513?
CVE-2020-4513 has a severity score of 6.1, which is considered medium.
Which versions of IBM QRadar SIEM are affected by CVE-2020-4513?
IBM QRadar SIEM versions 7.3.0 to 7.3.2, 7.3.3, 7.4.0, and their corresponding maintenance releases (if applicable) are affected by CVE-2020-4513.
How can I fix CVE-2020-4513 in IBM QRadar SIEM?
To fix CVE-2020-4513, IBM provides patch updates for the affected versions of IBM QRadar SIEM. It is recommended to upgrade to the latest version and apply the necessary patches.

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/severity
agent/remedy
agent/last-modified-date
agent/author
agent/weakness
agent/description
agent/tags
agent/event
collector/ibm-support
source/IBM
vendor/ibm
canonical/ibm qradar security information and event manager
version/ibm qradar security information and event manager/7.3.0
version/ibm qradar security information and event manager/7.3.2
version/ibm qradar security information and event manager/7.3.3
version/ibm qradar security information and event manager/7.3.3-p1
version/ibm qradar security information and event manager/7.3.3-p2
version/ibm qradar security information and event manager/7.3.3-p3
version/ibm qradar security information and event manager/7.4.0
version/ibm qradar security information and event manager/7.4.0-p1
version/ibm qradar security information and event manager/7.4.0-p2