Communication Data Exposure in IBM QRadar Network Security
CVE-2020-4152

6.8MEDIUM

Key Information:

Vendor: IBM
Status: Qradar Network Security
Vendor: CVE Published:; 8 November 2021

What is CVE-2020-4152?

The IBM QRadar Network Security versions 5.4.0 and 5.5.0 are susceptible to a vulnerability that allows the transmission of sensitive security data in plaintext. This exposes the system to potential interception via man-in-the-middle attacks, enabling unauthorized entities to access critical information during communication. It is essential for organizations using affected versions to implement measures to secure data transmission and ensure that sensitive communications are properly encrypted.

Affected Version(s)

QRadar Network Security 5.4.0

QRadar Network Security 5.5.0

References

https://www.ibm.com/support/pages/node/6514403

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/174267

vdb-entryx_refsource_XF

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 8, 2021
Vulnerability Reserved
Dec 30, 2019