It was possible for a privileged user to inject malicious commands through Python3 scripting, using the sys module, in a Beta version of Resilient.
CVEID: CVE-2020-4636
**DESCRIPTION:** IBM Resilient could allow a privileged user to inject malicious commands through Python3 scripting.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/185503 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L)
Affected Product(s) | Version(s) |
---|---|
Resilient OnPrem | IBM Security SOAR |
Users must install v38.2 of IBM Resilient to obtain a fix for this vulnerability. This is the first GA version with Python3 scripting.
You can install the platform by following the instructions in the “Installation Overview” section in the IBM Knowledge Center. Refer to the What’s New section for more details on the new feature.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm resilient | eq | 38.2 |