CVE-2020-4272
QRadar Community Edition 7.3.1.6 Arbitrary Object Instantiation
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted request specify a malicious file from a remote system, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-ForceID: 175898.
IBM QRadar versiones 7.3.0 hasta 7.3.3, Parche 2, podría permitir a un atacante remoto incluir archivos arbitrarios. Un atacante remoto podría enviar una petición especialmente diseñada para especificar un archivo malicioso desde un sistema remoto, que podría permitir al atacante ejecutar código arbitrario en el servidor vulnerable. IBM X-ForceID: 175898.
QRadar Community Edition version 7.3.1.6 is vulnerable to instantiation of arbitrary objects based on user-supplied input. An authenticated attacker can abuse this to perform various types of attacks including server-side request forgery and (potentially) arbitrary execution of code.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-12-30 CVE Reserved
- 2020-04-15 CVE Published
- 2024-06-09 EPSS Updated
- 2024-09-16 CVE Updated
- 2024-09-16 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CWE-502: Deserialization of Untrusted Data
CAPEC
References (4)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| http://packetstormsecurity.com/files/157337/QRadar-Community-Edition-7.3.1.6-Arbitrary-Object-Instantiation.html | 2024-09-16 | |
| http://seclists.org/fulldisclosure/2020/Apr/40 | 2024-09-16 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/175898 | 2022-04-18 | |
| https://www.ibm.com/support/pages/node/6189645 | 2022-04-18 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ibm Search vendor "Ibm" | Qradar Security Information And Event Manager Search vendor "Ibm" for product "Qradar Security Information And Event Manager" | >= 7.3.0 < 7.3.3 Search vendor "Ibm" for product "Qradar Security Information And Event Manager" and version " >= 7.3.0 < 7.3.3" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Ibm Search vendor "Ibm" | Qradar Security Information And Event Manager Search vendor "Ibm" for product "Qradar Security Information And Event Manager" | 7.3.3 Search vendor "Ibm" for product "Qradar Security Information And Event Manager" and version "7.3.3" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Ibm Search vendor "Ibm" | Qradar Security Information And Event Manager Search vendor "Ibm" for product "Qradar Security Information And Event Manager" | 7.3.3 Search vendor "Ibm" for product "Qradar Security Information And Event Manager" and version "7.3.3" | p1 |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Ibm Search vendor "Ibm" | Qradar Security Information And Event Manager Search vendor "Ibm" for product "Qradar Security Information And Event Manager" | 7.3.3 Search vendor "Ibm" for product "Qradar Security Information And Event Manager" and version "7.3.3" | p2 |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|