Vulnerabilities > IBM > Qradar Security Information AND Event Manager > 7.4.1

DATE CVE VULNERABILITY TITLE RISK
2021-01-28 CVE-2020-4888 Deserialization of Untrusted Data vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function.
network
low complexity
ibm CWE-502
8.8
2021-01-27 CVE-2020-4789 Path Traversal vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 could allow a remote attacker to traverse directories on the system.
network
low complexity
ibm CWE-22
6.5
2021-01-27 CVE-2020-4787 Server-Side Request Forgery (SSRF) vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF).
local
low complexity
ibm CWE-918
2.3
2021-01-27 CVE-2020-4786 Server-Side Request Forgery (SSRF) vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 is vulnerable to server side request forgery (SSRF).
network
low complexity
ibm CWE-918
4.3
2020-11-05 CVE-2018-1725 Unspecified vulnerability in IBM Qradar Security Information and Event Manager
IBM QRadar SIEM 7.3 and 7.4 n a multi tenant configuration could be vulnerable to information disclosure.
local
low complexity
ibm
2.3