Security Bulletin: IBM QRadar Network Security is affected by hard-coded credentials exploits.

Summary

IBM QRadar Network Security has addressed the hard coded cryptographic keys in multiple places.(ase id:462652, ase id:462653, ase id:462654)

Vulnerability Details

CVEID:CVE-2020-4157
**DESCRIPTION:**IBM QRadar Network Security contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174337 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N)

Affected Products and Versions

IBM QRadar Network Security 5.4.0

IBM QRadar Network Security 5.5.0

Remediation/Fixes

Product |

VRMF

|

Remediation/First Fix

—|—|—

IBM QRadar Network Security

|

5.4.0

|

Install Firmware 5.4.0.16 from the Available Updates page of the

Local Management Interface, or by performing a One Time Scheduled

Installation from SiteProtector.

Or
Download Firmware 5.4.0.16 from

IBM Security License Key and Download Center and upload and

install via the Available Updates page of the Local Management Interface.

IBM QRadar Network Security

|

5.5.0

|

Install Firmware 5.5.0.11 from the Available Updates page of the

Local Management Interface, or by performing a One Time Scheduled

Installation from SiteProtector.

Or
Download Firmware 5.5.0.11 from

IBM Security License Key and Download Center and upload and

install via the Available Updates page of the Local Management Interface.

Workarounds and Mitigations

None