CVE-2020-4888: IBM QRadar SIEM Deserialization Vulnerability Alert

IBM officially released a security announcement on January 27: some versions of IBM QRadar SIEM contain a high-risk vulnerability (CVE-2020-4888). Remote attackers can use this vulnerability to execute arbitrary commands on the system. A proof-of-concept (PoC) exploit has been made public.

Vulnerability Detail

IBM QRadar SIEM unsafely deserializes user-provided content through the Java deserialization function. By sending malicious serialized Java objects, a remote attacker can use this vulnerability to execute arbitrary commands on the system.

Affected versions

  • IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1
  • IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 7

Unaffected versions

  • QRadar / QRM / QVM 7.4.2 Patch 2
  • QRadar / QRM / QVM 7.3.3 Patch 7 IF 1

Solution

We recommend that affected users and related manufacturers check their own deployments and remediate by upgrading IBM QRadar SIEM to the latest version as soon as possible.
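
For the self-check, the following added example (not part of the original advisory and not IBM tooling) classifies version labels against the affected and unaffected releases listed above. It assumes labels are written the way this page writes them, such as "7.3.3 Patch 7 IF 1"; the function names and the sample inventory are constructed for illustration.

```python
import re

# Fixed releases listed on this page, keyed by branch (major, minor):
# value is (release, patch, interim fix) of the first unaffected build.
FIXED = {
    (7, 4): (2, 2, 0),  # 7.4.2 Patch 2
    (7, 3): (3, 7, 1),  # 7.3.3 Patch 7 IF 1
}

# Assumed label format, modelled on how this page writes versions.
LABEL = re.compile(
    r"^\s*(\d+)\.(\d+)\.(\d+)(?:\s+Patch\s+(\d+))?(?:\s+IF\s+(\d+))?\s*$",
    re.IGNORECASE,
)

def parse_label(label):
    """Return (major, minor, release, patch, interim_fix); missing parts are 0."""
    m = LABEL.match(label)
    if m is None:
        raise ValueError(f"unrecognised version label: {label!r}")
    return tuple(int(g) if g else 0 for g in m.groups())

def classify(label):
    """'affected', 'unaffected', or 'not listed' for branches the page omits."""
    major, minor, *rest = parse_label(label)
    fixed = FIXED.get((major, minor))
    if fixed is None:
        return "not listed"
    # Assumption: any build at or above the listed fixed build carries the fix.
    # An interim fix on an older patch (e.g. Patch 1 IF 3) still sorts below it.
    return "unaffected" if tuple(rest) >= fixed else "affected"

def triage(inventory):
    """Map each host to its status; unparseable labels are flagged, not dropped."""
    result = {}
    for host, label in inventory.items():
        try:
            result[host] = classify(label)
        except ValueError:
            result[host] = "unparseable"
    return result

if __name__ == "__main__":
    # Constructed inventory: hostnames and labels are made up for illustration.
    sample = {"console01": "7.4.2 Patch 1", "ep02": "7.3.3 Patch 7 IF 1",
              "ep03": "7.3.3 Patch 7", "legacy": "7.2.8", "odd": "unknown"}
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```

Hosts reported as "not listed" or "unparseable" need a manual check against IBM's announcement, since this page only covers the 7.3 and 7.4 branches.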