What is the vulnerability ID?

The vulnerability ID is CVE-2020-4979.

What is the severity of CVE-2020-4979?

The severity of CVE-2020-4979 is critical.

Which version of IBM QRadar SIEM is affected by CVE-2020-4979?

IBM QRadar SIEM versions 7.3 and 7.4 are affected by CVE-2020-4979.

How can an attacker exploit CVE-2020-4979?

An attacker that is able to compromise or spoof traffic between hosts may be able to execute arbitrary commands.

Is there a fix available for CVE-2020-4979?

Yes, there are fix packs available for IBM QRadar SIEM versions 7.3 and 7.4.

Vulnerability/
CVE-2020-4979

critical

9.8

29/4/2021

3/5/2022

CVE-2020-4979

First published: Thu Apr 29 2021(Updated: )

IBM QRadar SIEM is vulnerable to insecure inter-deployment communication. An attacker that is able to comprimise or spoof traffic between hosts may be able to execute arbitrary commands.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM QRadar Security Information and Event Manager	>=7.3.0<7.3.3
IBM QRadar Security Information and Event Manager	>=7.4.0<7.4.2
IBM QRadar Security Information and Event Manager	=7.3.3
IBM QRadar Security Information and Event Manager	=7.3.3-fix_pack_1
IBM QRadar Security Information and Event Manager	=7.3.3-fix_pack_2
IBM QRadar Security Information and Event Manager	=7.3.3-fix_pack_3
IBM QRadar Security Information and Event Manager	=7.3.3-fix_pack_4
IBM QRadar Security Information and Event Manager	=7.3.3-fix_pack_5
IBM QRadar Security Information and Event Manager	=7.3.3-fix_pack_6
IBM QRadar Security Information and Event Manager	=7.3.3-fix_pack_7
IBM QRadar Security Information and Event Manager	=7.4.2
IBM QRadar Security Information and Event Manager	=7.4.2-fix_pack_1
IBM QRadar Security Information and Event Manager	=7.4.2-fix_pack_2

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6449668

Frequently Asked Questions

What is the vulnerability ID?
The vulnerability ID is CVE-2020-4979.
What is the severity of CVE-2020-4979?
The severity of CVE-2020-4979 is critical.
Which version of IBM QRadar SIEM is affected by CVE-2020-4979?
IBM QRadar SIEM versions 7.3 and 7.4 are affected by CVE-2020-4979.
How can an attacker exploit CVE-2020-4979?
An attacker that is able to compromise or spoof traffic between hosts may be able to execute arbitrary commands.
Is there a fix available for CVE-2020-4979?
Yes, there are fix packs available for IBM QRadar SIEM versions 7.3 and 7.4.

collector/ibm-support
collector/nvd-index
agent/tags
agent/event
agent/severity
agent/references
agent/author
agent/description
agent/type
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
vendor/ibm
canonical/ibm qradar security information and event manager
version/ibm qradar security information and event manager/7.3.0
version/ibm qradar security information and event manager/7.4.0
version/ibm qradar security information and event manager/7.3.3
version/ibm qradar security information and event manager/7.3.3-fix_pack_1
version/ibm qradar security information and event manager/7.3.3-fix_pack_2
version/ibm qradar security information and event manager/7.3.3-fix_pack_3
version/ibm qradar security information and event manager/7.3.3-fix_pack_4
version/ibm qradar security information and event manager/7.3.3-fix_pack_5
version/ibm qradar security information and event manager/7.3.3-fix_pack_6
version/ibm qradar security information and event manager/7.3.3-fix_pack_7
version/ibm qradar security information and event manager/7.4.2
version/ibm qradar security information and event manager/7.4.2-fix_pack_1
version/ibm qradar security information and event manager/7.4.2-fix_pack_2