IBM QRadar Network Security has addressed the following vulnerabilities.
CVEID: CVE-2020-4152
**DESCRIPTION:** IBM QRadar Network Security transmits sensitive or security-critical data in cleartext in a communication channel that can be obtained using man in the middle techniques.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174267 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)
CVEID: CVE-2020-4160
**DESCRIPTION:** IBM QRadar Network Security could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174340 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
CVEID: CVE-2020-4153
**DESCRIPTION:** IBM QRadar Network Security is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174269 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
IBM QRadar Network Security 5.4.0
IBM QRadar Network Security 5.5.0
Product | VRMF | Remediation/First Fix
---|---|---
IBM QRadar Network Security | 5.4.0 | Install Firmware 5.4.0.14 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector. Or download Firmware 5.4.0.14 from IBM Security License Key and Download Center and upload and install via the Available Updates page of the Local Management Interface.
IBM QRadar Network Security | 5.5.0 | Install Firmware 5.5.0.9 from the Available Updates page of the Local Management Interface, or by performing a One Time Scheduled Installation from SiteProtector. Or download Firmware 5.5.0.9 from IBM Security License Key and Download Center and upload and install via the Available Updates page of the Local Management Interface.
None