Apache HTTP Server as used in IBM QRadar SIEM is vulnerable to server-side request forgery (SSRF) (CVE-2021-40438)
CVEID:CVE-2021-40438
**DESCRIPTION:**Apache HTTP Server is vulnerable to server-side request forgery, caused by an error in mod_proxy. By sending a specially crafted request uri-path, a remote attacker could exploit this vulnerability to forward the request to an origin server chosen by the remote user.
CVSS Base score: 9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/209526 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
IBM QRadar SIEM 7.3.0 - 7.3.3 Fix Pack 10
IBM QRadar SIEM 7.4.0 - 7.4.3 Fix Pack 4
QRadar / QRM / QVM / QRIF / QNI 7.3.3 Patch 10 Interim Fix 01
QRadar / QRM / QVM / QRIF / QNI 7.4.3 Patch 4 Interim Fix 02
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm qradar siem | eq | 7.3 | |
ibm qradar siem | eq | 7.4 |