CVE-2020-4152 — Cleartext Transmission of Sensitive Info in IBM Qradar Network Security

CWE-319 — Cleartext Transmission of Sensitive Info4 documents4 sources

Severity

5.9MEDIUMNVD

EPSS

0.1%

top 73.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Qradar Network Security

Timeline

PublishedNov 8

Latest updateMay 24

Description

IBM QRadar Network Security 5.4.0 and 5.5.0 transmits sensitive or security-critical data in cleartext in a communication channel that can be obtained using man in the middle techniques. IBM X-Force ID: 17467.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶NVDibm/qradar_network_security5.4.0.0 — 5.4.0.14+1

▶CVEListV5ibm/qradar_network_security5.4.0, 5.5.0+1

Patches

Patch: www.ibm.com ↗Patch: www.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-98g9-rg6r-fh6r: IBM QRadar Network Security 5↗2022-05-24

▶

CVEList

CVE-2020-4152: IBM QRadar Network Security 5↗2021-11-08

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows - Win32k Elevation of Privilege↗2020-12-02

▶