CVE-2020-4888: IBM QRadar SIEM Deserialization Vulnerability Alert
IBM officially released a security announcement on January 27: some versions of IBM QRadar SIEM are affected by a high-risk vulnerability (CVE-2020-4888). Remote attackers can use this vulnerability to execute arbitrary commands on the system. A proof-of-concept (PoC) exploit has been made public.
IBM QRadar SIEM unsafely deserializes user-provided content through Java deserialization. By sending malicious serialized Java objects, a remote attacker can use this vulnerability to execute arbitrary commands on the system.
Affected versions:
- IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1
- IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 7
Fixed versions:
- QRadar / QRM / QVM 7.4.2 Patch 2
- QRadar / QRM / QVM 7.3.3 Patch 7 IF 1
We recommend that affected users and related manufacturers check their deployments and remediate by upgrading IBM QRadar SIEM to the latest version as soon as possible.
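A self-check against the version ranges listed in this alert, as an added example (not IBM tooling and not part of the original advisory). It assumes the installed version is written in the advisory's own notation, such as `7.3.3 Patch 7 IF 1`; the function names and the sample inventory are constructed for illustration.

```python
import re

# Ranges transcribed from this alert. A version is the tuple
# (major, minor, release, patch, interim_fix); parts not given count as 0.
AFFECTED = [
    ((7, 4, 0, 0, 0), (7, 4, 2, 1, 0)),  # 7.4.0 to 7.4.2 Patch 1
    ((7, 3, 0, 0, 0), (7, 3, 3, 7, 0)),  # 7.3.0 to 7.3.3 Patch 7
]
FIXED_FROM = {
    (7, 4): (7, 4, 2, 2, 0),             # 7.4.2 Patch 2
    (7, 3): (7, 3, 3, 7, 1),             # 7.3.3 Patch 7 IF 1
}

# Accepts "7.4.2", "7.4.2 Patch 1", "7.3.3 Patch 7 IF 1" (IF = Interim Fix).
_VERSION = re.compile(
    r"^\s*(\d+)\.(\d+)\.(\d+)"
    r"(?:\s+Patch\s+(\d+))?"
    r"(?:\s+(?:IF|Interim\s+Fix)\s+(\d+))?\s*$",
    re.IGNORECASE,
)

def parse_version(text):
    """Turn an advisory-style version string into a comparable 5-tuple."""
    m = _VERSION.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) if g else 0 for g in m.groups())

def classify(text):
    """Return 'fixed', 'affected', or 'not listed' for one version string."""
    v = parse_version(text)
    fixed = FIXED_FROM.get(v[:2])
    if fixed is not None and v >= fixed:
        return "fixed"
    if any(low <= v <= high for low, high in AFFECTED):
        return "affected"
    # Outside the ranges this alert covers: check the vendor bulletin directly.
    return "not listed"

if __name__ == "__main__":
    # Constructed inventory: host names and versions are sample values.
    inventory = {
        "console-01": "7.4.2 Patch 1",
        "console-02": "7.3.3 Patch 7 IF 1",
        "collector-03": "7.3.1 Patch 4",
    }
    for host, version in inventory.items():
        print(f"{host}: {version} -> {classify(version)}")
```

A version that does not parse raises `ValueError` instead of being silently treated as safe, so malformed inventory entries surface during the check.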