7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
65.0%
Pip as used by IBM QRadar Advisor With Watson to manage python packages is vulnerable to multiple vulnerabilities. IBM QRadar Advisor With Watson has addressed the applicable CVEs by updating pip.
CVEID:CVE-2019-20916
**DESCRIPTION:**pypa pip package for python could allow a remote attacker to traverse directories on the system, caused by a flaw when installing package via a specified URL. An attacker could use a specially-crafted Content-Disposition header with filename containing “dot dot” sequences (/…/) to overwrite arbitrary files on the system.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/187855 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L)
CVEID:CVE-2021-3572
**DESCRIPTION:**pip package for python could allow a remote authenticated attacker to bypass security restrictions, caused by the improper handling of Unicode separators in git references. By creating a specially crafted tag, an attacker could exploit this vulnerability to install a different revision on a repository.
CVSS Base score: 4.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/208954 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N)
CVEID:CVE-2018-20225
**DESCRIPTION:**Pip could allow a local attacker to execute arbitrary code on the system, caused by a flaw in the --extra-index-url option. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/182438 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
QRadar Advisor With Watson | QRadar Advisor With Watson 2.5 - QRadar Advisor With Watson 2.6.2 |
IBM encourages customers to update their systems promptly.
Update to IBM QRadar Advisor With Watson 2.6.3
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm qradar siem | eq | 7.3 | |
ibm qradar siem | eq | 7.4 | |
ibm qradar siem | eq | 7.5 |
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
65.0%