CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS
Percentile: 43.3%

IBM QRadar Network Security has addressed the following PenTest vulnerabilities:
1. X-Powered-By header reveals Servlet/3.0 is in use.
2. Stack trace visible through help docs.

CVEID: CVE-2020-4159
**DESCRIPTION:** IBM QRadar Network Security discloses sensitive information to unauthorized users which could be used to mount further attacks against the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174339 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
IBM QRadar Network Security 5.4.0
IBM QRadar Network Security 5.5.0
Product | VRMF | Remediation/First Fix |
---|---|---|
IBM QRadar Network Security | 5.4.0 | Install Firmware 5.4.0.16 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector. Or download Firmware 5.4.0.16 from IBM Security License Key and Download Center and upload and install via the Available Updates page of the Local Management Interface. |
IBM QRadar Network Security | 5.5.0 | Install Firmware 5.5.0.11 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector. Or download Firmware 5.5.0.11 from IBM Security License Key and Download Center and upload and install via the Available Updates page of the Local Management Interface. |
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | qradar_network_security | 5.4.0 | cpe:2.3:a:ibm:qradar_network_security:5.4.0:*:*:*:*:*:*:* |
ibm | qradar_network_security | 5.5.0 | cpe:2.3:a:ibm:qradar_network_security:5.5.0:*:*:*:*:*:*:* |
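
A post-update check for the two findings listed in this bulletin, added here as an example (not IBM's code): it parses a raw HTTP response and reports an X-Powered-By header or a Java stack trace in the body. The function names, the regular expressions and both sample responses are constructed for illustration, and the class names in the sample trace are hypothetical.

```python
import re

# Java stack-trace frame, e.g. "at pkg.Class.method(File.java:42)"
FRAME_RE = re.compile(r"^\s*at\s+[\w.$]+\.[\w$<>]+\([^)]*\)", re.MULTILINE)
# Fully qualified exception or error class name, e.g. java.lang.NullPointerException
EXC_RE = re.compile(r"\b(?:[a-z_][\w$]*\.)+[A-Z][\w$]*(?:Exception|Error)\b")

def parse_response(raw):
    """Split a raw HTTP/1.x response into (status, headers dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # header names are case-insensitive
    return status, headers, body

def audit_response(raw):
    """Return a list of information-disclosure findings for one response."""
    _status, headers, body = parse_response(raw)
    findings = []
    if "x-powered-by" in headers:
        findings.append("x-powered-by: " + headers["x-powered-by"])
    frames = FRAME_RE.findall(body)
    # Require both frames and an exception class name to limit false positives.
    if frames and EXC_RE.search(body):
        findings.append("stack-trace: %d frames" % len(frames))
    return findings

# Constructed samples, not captured from a real appliance.
BEFORE = (
    "HTTP/1.1 500 Internal Server Error\r\n"
    "X-Powered-By: Servlet/3.0\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<pre>java.lang.NullPointerException\n"
    "\tat com.example.help.HelpServlet.doGet(HelpServlet.java:57)\n"
    "\tat javax.servlet.http.HttpServlet.service(HttpServlet.java:575)\n</pre>"
)
AFTER = (
    "HTTP/1.1 404 Not Found\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<html><body>The requested page was not found.</body></html>"
)

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_response(raw) or "clean")
```
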