CVE-2020-4888

Name of the Vulnerable Software and Affected Versions IBM QRadar SIEM versions 7.3.0 through 7.3.3 Patch 7 IBM QRadar SIEM versions 7.4.0 through 7.4.2 Patch 1

Description The issue is caused by insecure deserialization of user-supplied content by the Java deserialization function, allowing a remote attacker to execute arbitrary commands on the system. By sending a malicious serialized Java object, an attacker could exploit this to execute arbitrary commands on the system.

Recommendations For IBM QRadar SIEM versions 7.3.0 through 7.3.3 Patch 7, update to a version later than 7.3.3 Patch 7 to resolve the issue. For IBM QRadar SIEM versions 7.4.0 through 7.4.2 Patch 1, update to a version later than 7.4.2 Patch 1 to resolve the issue. As a temporary workaround, consider restricting access to the Java deserialization function to minimize the risk of exploitation.