Security Bulletin: IBM QRadar Network Security is affected by Information Exposure PenTest vulnerabilities.(ase id:462657, ase id:462667)

Summary

IBM QRadar Network Security has addressed the following PenTest vulnerabilities. 1. X-Powered-By header reveals Servlet/3.0 is in use. 2. Stack trace visible through help docs.

Vulnerability Details

CVEID:CVE-2020-4159
**DESCRIPTION:**IBM QRadar Network Security discloses sensitive information to unauthorized users which could be used to mount further attacks against the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/174339 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

IBM QRadar Network Security 5.4.0

IBM QRadar Network Security 5.5.0

Remediation/Fixes

Product |

VRMF

|

Remediation/First Fix

—|—|—

IBM QRadar Network Security

|

5.4.0

|

Install Firmware 5.4.0.16 from the Available Updates page of the

Local Management Interface, or by performing a One Time Scheduled

Installation from SiteProtector.

Or
Download Firmware 5.4.0.16 from

IBM Security License Key and Download Center and upload and

install via the Available Updates page of the Local Management Interface.

IBM QRadar Network Security

|

5.5.0

|

Install Firmware 5.5.0.11 from the Available Updates page of the

Local Management Interface, or by performing a One Time Scheduled

Installation from SiteProtector.

Or
Download Firmware 5.5.0.11 from

IBM Security License Key and Download Center and upload and

install via the Available Updates page of the Local Management Interface.

Workarounds and Mitigations

None