CVE-2020-4408Insufficiently Protected Credentials in IBM Qradar Advisory

CWE-522Insufficiently Protected Credentials3 documents3 sources
Severity
4.6MEDIUMNVD
EPSS
0.1%
top 83.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Qradar AdvisoryIBM Qradar Advisor
Timeline
PublishedJul 27
Latest updateMay 24

Description

The IBM QRadar Advisor 1.1 through 2.5.2 with Watson App for IBM QRadar SIEM does not adequately mask all passwords during input, which could be obtained by a physical attacker nearby. IBM X-Force ID: 179536.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 0.9 | Impact: 3.6

Affected Packages2 packages

NVDibm/qradar_advisory1.12.5.2
CVEListV5ibm/qradar_advisor1.1, 2.5.2+1

Patches

Patch: www.ibm.comPatch: www.ibm.com

🔴Vulnerability Details

2
GHSA
GHSA-4xhv-7g8c-27wc: The IBM QRadar Advisor 12022-05-24
CVEList
CVE-2020-4408: The IBM QRadar Advisor 12020-07-27
CVE-2020-4408 — Insufficiently Protected Credentials | cvebase