Jan 28, 2021 - 7:19 a.m.

Security Bulletin: IBM QRadar SIEM is vulnerable to Server Side Request Forgery (SSRF) (CVE-2020-4786)

2021-01-28 07:19:50
www.ibm.com

EPSS: 0.001 (Low), percentile 19.8%

Summary

IBM QRadar SIEM is vulnerable to Server Side Request Forgery

Vulnerability Details

CVEID: CVE-2020-4786
**DESCRIPTION:** IBM QRadar Network Security is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189221 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)

Affected Products and Versions

IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1

IBM QRadar SIEM 7.4.0 to 7.4.1 Patch 1

IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 5

Remediation/Fixes

QRadar / QRM / QVM 7.4.2 Patch 2

QRadar / QRM / QVM 7.4.1 Patch 2

QRadar / QRM / QVM 7.3.3 Patch 7

For QRadar Incident Forensics, please use the SFS below:

QRadar Incident Forensics / QNI 7.4.2 Patch 2

QRadar Incident Forensics / QNI 7.4.1 Patch 2

QRadar Incident Forensics / QNI 7.3.3 Patch 7

Workarounds and Mitigations

None
