What is CVE-2020-4888?

CVE-2020-4888 is a medium-severity vulnerability in Ibm Qradar Siem. CVSS score: 6.3/10. Published 2021-01-28.

How severe is CVE-2020-4888?

Medium severity. CVSS v3 base score is 6.3 out of 10.

Is CVE-2020-4888 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Ibm Qradar Siem

CVE-2020-4888

IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function…

EPSS: 0.620 (99.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.0/I:L/AC:L/C:L/S:U/UI:N/A:L/AV:N/PR:L/E:U/RL:O/RC:C.

Affected products

Ibm Qradar Siem — versions 7.3, 7.4, 7.3.3.Patch.7

Public proof-of-concept exploits

References

www.ibm.com/support/pages/node/6409306 (x_refsource_CONFIRM)
ibm-qradar-cve20204888-code-exec (190912) (vdb-entry, x_refsource_XF)

Frequently asked questions

What is CVE-2020-4888?: CVE-2020-4888 is a medium-severity vulnerability in Ibm Qradar Siem. CVSS score: 6.3/10. Published 2021-01-28.
How severe is CVE-2020-4888?: Medium severity. CVSS v3 base score is 6.3 out of 10.
Is CVE-2020-4888 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.