CVE-2020-4280

Name of the Vulnerable Software and Affected Versions: IBM QRadar SIEM versions 7.3 through 7.4

Description: The issue is caused by insecure deserialization of user-supplied content by the Java deserialization function, allowing a remote attacker to execute arbitrary commands on the system. By sending a malicious serialized Java object, an attacker could exploit this to execute arbitrary commands. The vulnerability is related to the restoration of untrusted data in memory due to deserialization, which could allow a remote attacker to execute arbitrary code or cause a denial of service using a specially crafted request.

Recommendations: For IBM QRadar SIEM versions 7.3 and 7.4, consider disabling the Java deserialization function as a temporary workaround until a patch is available. Restrict access to the system to minimize the risk of exploitation. Avoid using user-supplied content in the deserialization process until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.