Details of VAR-202111-0102

ID

VAR-202111-0102

CVE

CVE-2020-4153

TITLE

IBM QRadar Network Security Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-014663

DESCRIPTION

IBM QRadar Network Security 5.4.0 and 5.5.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 174269. Vendor exploits this vulnerability IBM X-Force ID: 174269 It is published as.Information may be obtained and information may be tampered with. Used to provide better visibility and control of activities and users on the network, while using deep packet inspection, heuristics, and behavior-based analysis to detect and prevent advanced threats

Trust: 2.16

sources: NVD: CVE-2020-4153 // JVNDB: JVNDB-2021-014663 // CNVD: CNVD-2021-88187

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-88187

AFFECTED PRODUCTS

vendor:	ibm	model:	qradar network security	scope:	eq	version:	5.4.0	Trust: 1.4
vendor:	ibm	model:	qradar network security	scope:	eq	version:	5.5.0	Trust: 1.4
vendor:	ibm	model:	qradar network security	scope:	gte	version:	5.4.0.0	Trust: 1.0
vendor:	ibm	model:	qradar network security	scope:	gte	version:	5.5.0.0	Trust: 1.0
vendor:	ibm	model:	qradar network security	scope:	lt	version:	5.4.0.14	Trust: 1.0
vendor:	ibm	model:	qradar network security	scope:	lt	version:	5.5.0.9	Trust: 1.0
vendor:	ibm	model:	qradar network security	scope:	eq	version:	-	Trust: 0.8

sources: CNVD: CNVD-2021-88187 // JVNDB: JVNDB-2021-014663 // NVD: CVE-2020-4153

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-4153
value:	MEDIUM
Trust: 1.0
psirt@us.ibm.com:	CVE-2020-4153
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2020-4153
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-88187
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202111-661
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2020-4153
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-88187
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

psirt@us.ibm.com:	CVE-2020-4153
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	2.7
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2020-4153
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	2.7
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2021-88187 // JVNDB: JVNDB-2021-014663 // CNNVD: CNNVD-202111-661 // NVD: CVE-2020-4153 // NVD: CVE-2020-4153

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.0
problemtype:	Cross-site scripting (CWE-79) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-014663 // NVD: CVE-2020-4153

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-661

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202111-661

PATCH

title:	6514403 IBM X-Force Exchange	url:	https://www.ibm.com/support/pages/node/6514403	Trust: 0.8
title:	Patch for IBM QRadar Network Security cross-site scripting vulnerability (CNVD-2021-88187)	url:	https://www.cnvd.org.cn/patchInfo/show/298036	Trust: 0.6
title:	IBM QRadar Network Security Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=168935	Trust: 0.6

sources: CNVD: CNVD-2021-88187 // JVNDB: JVNDB-2021-014663 // CNNVD: CNNVD-202111-661

EXTERNAL IDS

db:	NVD	id:	CVE-2020-4153	Trust: 3.8
db:	JVNDB	id:	JVNDB-2021-014663	Trust: 0.8
db:	CNVD	id:	CNVD-2021-88187	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3713	Trust: 0.6
db:	CNNVD	id:	CNNVD-202111-661	Trust: 0.6

sources: CNVD: CNVD-2021-88187 // JVNDB: JVNDB-2021-014663 // CNNVD: CNNVD-202111-661 // NVD: CVE-2020-4153

REFERENCES

url:	https://www.ibm.com/support/pages/node/6514403	Trust: 2.8
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/174269	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-4153	Trust: 1.4
url:	https://www.auscert.org.au/bulletins/esb-2021.3713	Trust: 0.6

sources: CNVD: CNVD-2021-88187 // JVNDB: JVNDB-2021-014663 // CNNVD: CNNVD-202111-661 // NVD: CVE-2020-4153

SOURCES

db:	CNVD	id:	CNVD-2021-88187
db:	JVNDB	id:	JVNDB-2021-014663
db:	CNNVD	id:	CNNVD-202111-661
db:	NVD	id:	CVE-2020-4153

LAST UPDATE DATE

2024-08-14T12:07:00.305000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-88187	date:	2021-11-17T00:00:00
db:	JVNDB	id:	JVNDB-2021-014663	date:	2022-10-24T02:04:00
db:	CNNVD	id:	CNNVD-202111-661	date:	2021-11-11T00:00:00
db:	NVD	id:	CVE-2020-4153	date:	2021-11-09T20:02:23.147

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-88187	date:	2021-11-16T00:00:00
db:	JVNDB	id:	JVNDB-2021-014663	date:	2022-10-24T00:00:00
db:	CNNVD	id:	CNNVD-202111-661	date:	2021-11-07T00:00:00
db:	NVD	id:	CVE-2020-4153	date:	2021-11-08T17:15:07.610