CVE-2020-4993: Path Traversal in IBM QRadar Security Information and Event Manager

CWE-22: Path Traversal | 4 documents | 4 sources
Severity: 4.9 MEDIUM (NVD)
EPSS: 0.3% (top 48.15%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 5
Latest update: May 24

Description

IBM QRadar SIEM 7.3 and 7.4, when decompressing or verifying the signature of zip files, processes data in a way that may be vulnerable to path traversal attacks. IBM X-Force ID: 192905.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Exploitability: 1.2 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: ibm/qradar_siem 7.3, 7.4 (+1)

🔴 Vulnerability Details (2)

GHSA: GHSA-m7qr-8828-2fm9: IBM QRadar SIEM 7 (2022-05-24)
CVEList: CVE-2020-4993: IBM QRadar SIEM 7 (2021-05-05)

💬 Community (1)

Bugzilla: CVE-2020-15115 etcd: improper validation of passwords allow an attacker to guess or brute-force user's passwords (2020-08-14)
CVE-2020-4993 — Path Traversal in IBM | cvebase