Jan 28, 2021 - 7:13 a.m.

Security Bulletin: IBM QRadar SIEM is vulnerable to Server Side Request Forgery (SSRF) (CVE-2020-4787)

www.ibm.com
EPSS: 0.0004 (Low), percentile 12.6%

Summary

IBM QRadar SIEM is vulnerable to Server Side Request Forgery.

Vulnerability Details

**CVEID:** CVE-2020-4787
**DESCRIPTION:** IBM QRadar is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189224 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1

IBM QRadar SIEM 7.4.0 to 7.4.1 Patch 1

IBM QRadar SIEM 7.3.0 to 7.3.3 Patch 5

Remediation/Fixes

QRadar / QRM / QVM 7.4.2 Patch 2

QRadar / QRM / QVM 7.4.1 Patch 2

QRadar / QRM / QVM 7.3.3 Patch 7

For QRadar Incident Forensics, please use the SFS below:

QRadar Incident Forensics / QNI 7.4.2 Patch 2

QRadar Incident Forensics / QNI 7.4.1 Patch 2

QRadar Incident Forensics / QNI 7.3.3 Patch 7

Workarounds and Mitigations

None
