Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBME6EAEC53936775159D8B74C1C3292A6EB4C37F6E3C5935A5A5D051C62912D867
HistoryOct 15, 2020 - 11:03 p.m.

Security Bulletin: IBM Resilient SOAR could allow a privileged user to inject malicious commands through Python3 scripting (CVE-2020-4636).

2020-10-1523:03:18
www.ibm.com
5

0.001 Low

EPSS

Percentile

35.7%

JSON

Summary

It was possible for a privileged user to inject malicious commands through Python3 scripting, using the sys module, in a Beta version of Resilient.

Vulnerability Details

CVEID:CVE-2020-4636
**DESCRIPTION:**IBM Resilient could allow a privileged user to inject malicious commands through Python3 scripting.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/185503 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
Resilient OnPrem IBM Security SOAR

Remediation/Fixes

Users must install the v38.2 of IBM Resilient in order to obtain a fix for this vulnerability. This is the first GA version with Python3 scripting.

You can install the platform by following the instructions in the “Installation Overview” section in the IBM Knowledge Center. You can refer to What’s New section for more details on the new feature.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm resilienteq38.2

Related

cve 1
cvelist 1
nvd 1
prion 1
cve
cve
CVE-2020-4636
2020-10-16 17:15:13
cvelist
cvelist
CVE-2020-4636
2020-10-15 00:00:00
nvd
nvd
CVE-2020-4636
2020-10-16 17:15:13
prion
prion
Design/Logic Flaw
2020-10-16 17:15:00

0.001 Low

EPSS

Percentile

35.7%

JSON
Related for E6EAEC53936775159D8B74C1C3292A6EB4C37F6E3C5935A5A5D051C62912D867
cve1cvelist1nvd1prion1