Vulnerability in Ibm Qradar

CVE-2020-4270

IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a local user to gain escalated privileges due to weak file permissions. IBM X-ForceID: 175846.

EPSS: 0.001 (34.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.4 (High). Vector: CVSS:3.0/AV:L/UI:N/AC:L/PR:N/C:H/S:U/A:H/I:H/RL:O/E:U/RC:C.

Affected products

Ibm Qradar — versions 7.3.3.Patch2, 7.3.0

References

www.ibm.com/support/pages/node/6189657 (x_refsource_CONFIRM)
ibm-qradar-cve20204270-priv-escalation (175846) (vdb-entry, x_refsource_XF)
20200421 Local privilege escalation in QRadar due to run-result-reader.sh insecure file permissions (mailing-list, x_refsource_FULLDISC)
packetstormsecurity.com/files/157335/QRadar-Community-Edition-7.3.1.6-Insecure-… (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-4270?: CVE-2020-4270 is a high-severity vulnerability in Ibm Qradar. CVSS score: 8.4/10. Published 2020-04-15.
How severe is CVE-2020-4270?: High severity. CVSS v3 base score is 8.4 out of 10.