Nov 08, 2021 - 3:55 a.m.

Security Bulletin: IBM QRadar Network Security is affected by multiple vulnerabilities (CVE-2020-4152, CVE-2020-4160, CVE-2020-4153)

www.ibm.com

EPSS: 0.002 (percentile 54.6%)

Summary

IBM QRadar Network Security has addressed the following vulnerabilities.

Vulnerability Details

CVEID: CVE-2020-4152
**DESCRIPTION:** IBM QRadar Network Security transmits sensitive or security-critical data in cleartext in a communication channel that can be obtained using man in the middle techniques.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174267 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)

CVEID: CVE-2020-4160
**DESCRIPTION:** IBM QRadar Network Security could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174340 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

CVEID: CVE-2020-4153
**DESCRIPTION:** IBM QRadar Network Security is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174269 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

IBM QRadar Network Security 5.4.0

IBM QRadar Network Security 5.5.0

Remediation/Fixes

| Product | VRMF | Remediation/First Fix |
|---|---|---|
| IBM QRadar Network Security | 5.4.0 | Install Firmware 5.4.0.14 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector. Or download Firmware 5.4.0.14 from IBM Security License Key and Download Center and upload and install via the Available Updates page of the Local Management Interface. |
| IBM QRadar Network Security | 5.5.0 | Install Firmware 5.5.0.9 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector. Or download Firmware 5.5.0.9 from IBM Security License Key and Download Center and upload and install via the Available Updates page of the Local Management Interface. |

Workarounds and Mitigations

None
