====================================================================

                             CERT-Renater

                 Note d'Information No. 2020/VULN431
_____________________________________________________________________

DATE                : 24/07/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running IBM QRadar Advisor versions prior
                                        to 2.5.3.

=====================================================================
https://www.ibm.com/support/pages/node/6252401
_____________________________________________________________________

Security Bulletin: IBM QRadar Advisor with Watson App for IBM QRadar
SIEM does not adequately mask all passwords during input (CVE-2020-4408)


Security Bulletin


Summary

The IBM QRadar Advisor with Watson App for IBM QRadar SIEM does not
adequately mask all passwords during input, which could be obtained by a
physical attacker nearby.


Vulnerability Details

CVEID:   CVE-2020-4408

DESCRIPTION:   The IBM QRadar Advisor with Watson App for IBM QRadar
SIEM does not adequately mask all passwords during input, which could be
obtained by a physical attacker nearby.


CVSS Base score: 4.2
CVSS Temporal Score: See:
https://exchange.xforce.ibmcloud.com/vulnerabilities/179536 for the
current score.
CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)


Affected Products and Versions

Affected Product(s)     Version(s)
Qradar Advisor          1.1 - 2.5.2


Remediation/Fixes

Update to 2.5.3


Workarounds and Mitigations

None


Get Notified about Future Security Bulletins

Subscribe to My Notifications to be notified of important product
support alerts like this.


References

Complete CVSS v3 Guide
On-line Calculator v3
Related Information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog


Acknowledgement

Change History

23 Jul 2020: Initial Publication

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the
impact of this vulnerability in their environments by accessing the
links in the Reference section of this Security Bulletin.


Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST),
the Common Vulnerability Scoring System (CVSS) is an "industry open
standard designed to convey vulnerability severity and help to determine
urgency and priority of response." IBM PROVIDES THE CVSS SCORES ""AS
IS"" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE
RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY
VULNERABILITY.


=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================