CVE-2020-4272

Name of the Vulnerable Software and Affected Versions IBM QRadar versions 7.3.0 through 7.3.3 Patch 2

Description The issue allows a remote attacker to include arbitrary files by sending a specially-crafted request, which could enable the execution of arbitrary code on the vulnerable server. This could potentially lead to remote code execution.

Recommendations For IBM QRadar versions 7.3.0 through 7.3.3 Patch 2, consider restricting access to the server until a patch is available to prevent remote attackers from sending specially-crafted requests. As a temporary workaround, limit the ability to specify files from remote systems to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.