CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
33.3%
IBM QRadar Network Security has addressed the hard coded cryptographic keys in multiple places.(ase id:462652, ase id:462653, ase id:462654)
CVEID:CVE-2020-4157
**DESCRIPTION:**IBM QRadar Network Security contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174337 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)
IBM QRadar Network Security 5.4.0
IBM QRadar Network Security 5.5.0
Product |
VRMF
|
Remediation/First Fix
—|—|—
IBM QRadar Network Security
|
5.4.0
|
Install Firmware 5.4.0.16 from the Available Updates page of the
Local Management Interface, or by performing a One Time Scheduled
Installation from SiteProtector.
Or
Download Firmware 5.4.0.16 from
IBM Security License Key and Download Center and upload and
install via the Available Updates page of the Local Management Interface.
IBM QRadar Network Security
|
5.5.0
|
Install Firmware 5.5.0.11 from the Available Updates page of the
Local Management Interface, or by performing a One Time Scheduled
Installation from SiteProtector.
Or
Download Firmware 5.5.0.11 from
IBM Security License Key and Download Center and upload and
install via the Available Updates page of the Local Management Interface.
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | qradar_network_security | 5.4.0 | cpe:2.3:a:ibm:qradar_network_security:5.4.0:*:*:*:*:*:*:* |
ibm | qradar_network_security | 5.5.0 | cpe:2.3:a:ibm:qradar_network_security:5.5.0:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
33.3%