Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMDD464CE379B2EA45DB8FD5C1271CBEF5EA4164AAAFA4FB13859BABF4DFF16C6B
HistoryJan 27, 2021 - 12:09 a.m.

Security Bulletin: Spring Framework as used by IBM QRadar SIEM is vulnerable to improper input validation (CVE-2020-5421)

2021-01-2700:09:26
www.ibm.com
8

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

3.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:P/I:P/A:N

JSON

Summary

Spring Framework as used by IBM QRadar SIEM is vulnerable to improper input validation

Vulnerability Details

CVEID:CVE-2020-5421
**DESCRIPTION:**VMware Tanzu Spring Framework could allow a remote attacker to bypass security restrictions, caused by improper input validation. By using a specially-crafted jsessionid path parameter, an attacker could exploit this vulnerability to bypass RFD Protection.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188530 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1

IBM QRadar SIEM 7.4.0 to 7.4.1 Patch 1

IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 5

Remediation/Fixes

QRadar / QRM / QVM 7.4.2 Patch 2

QRadar / QRM / QVM 7.4.1 Patch 2

QRadar / QRM / QVM 7.3.3 Patch 7

QRadar incident forensics please use the SFS below

QRadar Incident Forensics / QNI 7.4.2 Patch 2

QRadar Incident Forensics / QNI 7.4.1 Patch 2

QRadar Incident Forensics / QNI 7.3.3 Patch 7

Workarounds and Mitigations

None

Related

ibm 18
nessus 3
veracode 1
github 1
osv 2
ubuntucve 1
debiancve 1
githubexploit 1
cve 1
redhatcve 1
prion 1
redhat 1
oracle 7
ibm
ibm
Security Bulletin: Spring Framework vulnerabilities affect IBM Watson Text to Speech and Speech to Text (IBM Watson Speech Services for Cloud Pak for Data 1.2)
2020-12-16 17:55:27
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Spring
2021-02-27 03:38:50
Security Bulletin: A Vulnerability in Spring Framework affects IBM License Key Server Administration and Reporting Tool
2020-12-30 15:34:28
nessus
nessus
Oracle Primavera P6 Enterprise Project Portfolio Management (Jan 2021 CPU)
2021-01-22 00:00:00
Oracle Primavera Gateway (Jan 2021 CPU)
2021-01-20 00:00:00
Oracle MySQL Enterprise Monitor Multiple Vulnerabilities (Jan 2021 CPU)
2021-01-28 00:00:00
veracode
veracode
Reflected File Download (RFD) Attack
2020-09-18 08:14:19
github
github
Improper Input Validation in Spring Framework
2021-04-30 17:29:51
osv
osv
Improper Input Validation in Spring Framework
2021-04-30 17:29:51
CVE-2020-5421
2020-09-19 04:15:11
ubuntucve
ubuntucve
CVE-2020-5421
2020-09-19 00:00:00
debiancve
debiancve
CVE-2020-5421
2020-09-19 04:15:00
githubexploit
githubexploit
Exploit for Vulnerability in Pivotal Software Spring Framework
2021-01-10 12:26:00
cve
cve
CVE-2020-5421
2020-09-19 04:15:00
redhatcve
redhatcve
CVE-2020-5421
2020-09-21 16:59:07
prion
prion
Design/Logic Flaw
2020-09-19 04:15:00
redhat
redhat
(RHSA-2021:3140) Moderate: Red Hat Fuse 7.9.0 release and security update
2021-08-11 18:18:10
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - January 2021
2021-01-19 00:00:00
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

3.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:P/I:P/A:N

JSON
Related for DD464CE379B2EA45DB8FD5C1271CBEF5EA4164AAAFA4FB13859BABF4DFF16C6B
ibm18nessus3veracode1github1osv2ubuntucve1debiancve1githubexploit1cve1redhatcve1prion1redhat1oracle7