CVE-2020-4408

The IBM QRadar Advisor 1.1 through 2.5.2 with Watson App for IBM QRadar SIEM does not adequately mask all passwords during input, which could be obtained by a physical attacker nearby. IBM X-Force ID: 179536.

CVSS v3 4.6 MEDIUM
CVSS v2.0 2.1 LOW

4.6^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/179536	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/6252401	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/179536	VDB Entry Vendor Advisory
https://www.ibm.com/support/pages/node/6252401	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:ibm:qradar_advisory:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:32

Type	Values Removed	Values Added
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/179536 - VDB Entry, Vendor Advisory~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/179536 - VDB Entry, Vendor Advisory
References	~~() https://www.ibm.com/support/pages/node/6252401 - Patch, Vendor Advisory~~	() https://www.ibm.com/support/pages/node/6252401 - Patch, Vendor Advisory

Information

Published : 2020-07-27 14:15

Updated : 2024-11-21 05:32

NVD link : CVE-2020-4408

Mitre link : CVE-2020-4408

CVE.ORG link : CVE-2020-4408

JSON object : View

Products Affected

ibm

qradar_advisory

CWE

CWE-522

Insufficiently Protected Credentials

{"id": "CVE-2020-4408", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "psirt@us.ibm.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.2, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.5}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.6, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.9}]}, "published": "2020-07-27T14:15:12.600", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179536", "tags": ["VDB Entry", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://www.ibm.com/support/pages/node/6252401", "tags": ["Patch", "Vendor Advisory"], "source": "psirt@us.ibm.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/179536", "tags": ["VDB Entry", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ibm.com/support/pages/node/6252401", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "The IBM QRadar Advisor 1.1 through 2.5.2 with Watson App for IBM QRadar SIEM does not adequately mask all passwords during input, which could be obtained by a physical attacker nearby. IBM X-Force ID: 179536."}, {"lang": "es", "value": "IBM QRadar Advisor versiones 1.1 hasta 2.5.2, con la aplicaci\u00f3n Watson para IBM QRadar SIEM no enmascara adecuadamente todas las contrase\u00f1as durante la entrada, que podr\u00edan ser obtenidas por un atacante f\u00edsico cercano. IBM X-Force ID: 179536"}], "lastModified": "2024-11-21T05:32:42.180", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ibm:qradar_advisory:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "283B8EB6-2553-4BC1-BACF-A3DE34B378D0", "versionEndIncluding": "2.5.2", "versionStartIncluding": "1.1"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@us.ibm.com"}