CVE-2020-4888 MEDIUM

CVE-2020-4888

Vendor Ibm
Product QRadar SIEM
Published January 28, 2021
Last update September 17, 2024

CVSS base score

6.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/I:L/AC:L/C:L/S:U/UI:N/A:L/AV:N/PR:L/E:U/RL:O/RC:C

What the vulnerability does

01Description

IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 190912.

Key dates

02Disclosure timeline

January 28, 2021 CVE published
September 17, 2024 Record updated