The X-Forwarded-For header in a request can inadvertently cause an incorrect IP address to be logged when connecting to specific internal networks. This affects only on-premises customers within a restricted network.
CVEID: CVE-2020-4864
**DESCRIPTION:** IBM Resilient OnPrem could allow an attacker on the internal network to provide the server with a spoofed source IP address.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190567 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
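
The class of problem described above, as an added example that is not IBM's code or its fix: a logger that takes the leftmost X-Forwarded-For entry from any sender, next to one that honours the header only when the TCP peer is a known reverse proxy. The proxy range, function names and sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: only the deployment's own reverse proxies may set the header.
# Constructed example range, not taken from the advisory.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.5.0/28")]

def _is_trusted(ip):
    return any(ip in net for net in TRUSTED_PROXIES)

def naive_client_ip(peer_addr, xff_header):
    """Weak pattern: log the leftmost entry, whoever sent the header."""
    if xff_header:
        return xff_header.split(",")[0].strip()
    return peer_addr

def logged_client_ip(peer_addr, xff_header):
    """Address to log: the header counts only when a trusted proxy sent it."""
    peer = ipaddress.ip_address(peer_addr)
    if not xff_header or not _is_trusted(peer):
        return str(peer)  # direct connection: the header is client-controlled
    candidate = peer
    # Walk right to left: each trusted proxy appended the hop it really saw.
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last verified hop
        candidate = ip
        if not _is_trusted(ip):
            break  # first untrusted hop is the real client; ignore the rest
    return str(candidate)

# Constructed sample requests: (TCP peer address, X-Forwarded-For value)
SAMPLES = [
    ("192.168.1.50", "203.0.113.9"),               # internal host, forged header
    ("10.0.5.2", "203.0.113.9, 192.168.1.50"),     # forged entry passed via proxy
    ("10.0.5.2", "192.168.1.77"),                  # ordinary proxied request
]

if __name__ == "__main__":
    for peer, xff in SAMPLES:
        print(peer, repr(xff), "naive:", naive_client_ip(peer, xff),
              "checked:", logged_client_ip(peer, xff))
```
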
Affected Product(s) | Version(s) |
---|---|
Resilient OnPrem | IBM Security SOAR |
Users must apply the latest patch for their IBM Resilient platform (v37.2 or newer) from IBM FixCentral in order to obtain a fix for this vulnerability.
For example, you can upgrade the platform to v38 by following the instructions in the “Upgrade Procedure” section in the IBM Knowledge Center.
None
CPE | Name | Operator | Version |
---|---|---|---|
| | ibm resilient | eq | 38.0 |