CVE-2020-4888
HIGHIBM Qradar Security Information And E... - Insecure Deserialization
Title source: ruleDescription
IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 190912.
Scores
CVSS v3
8.8
EPSS
0.4054
EPSS Percentile
97.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-502
Status
published
Affected Products (26)
ibm/qradar_security_information_and_event_manager
ibm/qradar_security_information_and_event_manager
ibm/qradar_security_information_and_event_manager
ibm/qradar_security_information_and_event_manager
ibm/qradar_security_information_and_event_manager
ibm/qradar_security_information_and_event_manager
ibm/qradar_security_information_and_event_manager
ibm/qradar_security_information_and_event_manager
ibm/qradar_security_information_and_event_manager
ibm/qradar_security_information_and_event_manager
ibm/qradar_security_information_and_event_manager
ibm/qradar_security_information_and_event_manager
ibm/qradar_security_information_and_event_manager
ibm/qradar_security_information_and_event_manager
ibm/qradar_security_information_and_event_manager
... and 11 more
Timeline
Published
Jan 28, 2021
Tracked Since
Feb 18, 2026