CVSS: 4.9EPSS: 0%CPEs: 13EXPL: 0CVE-2020-4993
https://notcve.org/view.php?id=CVE-2020-4993
05 May 2021 — IBM QRadar SIEM 7.3 and 7.4 when decompressing or verifying signature of zip files processes data in a way that may be vulnerable to path traversal attacks. IBM X-Force ID: 192905. IBM QRadar SIEM versiones 7.3 y 7.4, cuando se descomprime o comprueba la firma de archivos zip que procesa los datos de una manera que puede ser vulnerable a ataques de saltos de ruta. IBM X-Force ID: 192905 • https://exchange.xforce.ibmcloud.com/vulnerabilities/192905 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 13EXPL: 0CVE-2020-4979
https://notcve.org/view.php?id=CVE-2020-4979
05 May 2021 — IBM QRadar SIEM 7.3 and 7.4 is vulnerable to insecure inter-deployment communication. An attacker that is able to comprimise or spoof traffic between hosts may be able to execute arbitrary commands. IBM X-Force D: 192538. IBM QRadar SIEM versiones 7.3 y 7.4, es vulnerable a la comunicación no segura entre implementaciones. Un atacante que pueda comprometer o falsificar el tráfico entre hosts puede ejecutar comandos arbitrarios. • https://exchange.xforce.ibmcloud.com/vulnerabilities/192538 •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2020-4932
https://notcve.org/view.php?id=CVE-2020-4932
05 May 2021 — IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 191748. IBM QRadar SIEM versiones 7.3 y 7.4, contiene credenciales embebidas, como una contraseña o clave criptográfica, que usa para su propia autenticación entrante, comunicación saliente a componentes externos o cifrado de datos internos. IBM X-Force ID: 19... • https://exchange.xforce.ibmcloud.com/vulnerabilities/191748 • CWE-798: Use of Hard-coded Credentials •
CVSS: 5.4EPSS: 0%CPEs: 13EXPL: 0CVE-2020-4929
https://notcve.org/view.php?id=CVE-2020-4929
05 May 2021 — IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191706. IBM QRadar SIEM versiones 7.3 y 7.4, es vulnerable a un cross-site scripting. Esta vulnerabilidad permite a usuarios insertar un código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad pr... • https://exchange.xforce.ibmcloud.com/vulnerabilities/191706 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0CVE-2020-4883
https://notcve.org/view.php?id=CVE-2020-4883
05 May 2021 — IBM QRadar SIEM 7.3 and 7.4 could disclose sensitive information about other domains which could be used in further attacks against the system. IBM X-Force ID: 190907. IBM QRadar SIEM versiones 7.3 y 7.4, podría divulgar información confidencial sobre otros dominios que podrían ser usado en futuros ataques contra el sistema. IBM X-Force ID: 190907 • https://exchange.xforce.ibmcloud.com/vulnerabilities/190907 •
CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0CVE-2020-5032
https://notcve.org/view.php?id=CVE-2020-5032
04 Feb 2021 — IBM QRadar SIEM 7.3 and 7.4 in some configurations may be vulnerable to a temporary denial of service attack when sent particular payloads. IBM X-Force ID: 194178. IBM QRadar SIEM versiones 7.3 y 7.4, en algunas configuraciones pueden ser vulnerables a un ataque de denegación de servicio temporal cuando se envían cargas útiles particulares. IBM X-Force ID: 194178 • https://exchange.xforce.ibmcloud.com/vulnerabilities/194178 •
CVSS: 9.0EPSS: 43%CPEs: 26EXPL: 0CVE-2020-4888
https://notcve.org/view.php?id=CVE-2020-4888
28 Jan 2021 — IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 190912. IBM QRadar SIEM versiones 7.4.0 hasta 7.4.2 Parche 1 y versiones 7.3.0 hasta 7.3.3 Parche 7, podría permitir a u... • https://exchange.xforce.ibmcloud.com/vulnerabilities/190912 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.5EPSS: 0%CPEs: 26EXPL: 0CVE-2020-4789
https://notcve.org/view.php?id=CVE-2020-4789
27 Jan 2021 — IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 189302. IBM QRadar SIEM versiones 7.4.2 GA hasta 7.4.2 Parche 1, versiones 7.4.0 hasta 7.4.1 Parche 1 y versiones 7.3.0 hasta 7.3.3 Parche 5, podrían permitir a un atacante remoto saltar directorios en... • https://exchange.xforce.ibmcloud.com/vulnerabilities/189302 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.2EPSS: 0%CPEs: 26EXPL: 0CVE-2020-4787
https://notcve.org/view.php?id=CVE-2020-4787
27 Jan 2021 — IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189224. IBM QRadar SIEM versiones 7.4.2 GA hasta 7.4.2 Parche 1, versiones 7.4.0 hasta 7.4.1 Parche 1 y versiones 7.3.0 hasta 7.3.3 Parche 5, son vulnerables a ataques de tipo server side... • https://exchange.xforce.ibmcloud.com/vulnerabilities/189224 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.4EPSS: 0%CPEs: 26EXPL: 0CVE-2020-4786
https://notcve.org/view.php?id=CVE-2020-4786
27 Jan 2021 — IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 189221. IBM QRadar SIEM versiones 7.4.2 GA hasta 7.4.2 Parche 1, versiones 7.4.0 hasta 7.4.1 Parche 1 y versiones 7.3.0 hasta 7.3.3 Parche 5, son vulnerables a ataques de tipo server side... • https://exchange.xforce.ibmcloud.com/vulnerabilities/189221 • CWE-918: Server-Side Request Forgery (SSRF) •