The Server-Side Request Forgery (SSRF) vulnerability identified in IBM QRadar SIEM by Positive Technologies expert Mikhail Klyuchnikov has an average severity level (CVSS 5.4). The IBM QRadar SIEM event monitoring and correlation system is one of the world's leading SIEM systems.
The error is known as CVE-2020-4786. By exploiting it, attackers can send requests on behalf of the system, obtain information about the network infrastructure, and thus facilitate further attacks.
Mikhail Klyuchnikov at Positive Technologies explains: “Using this vulnerability, authorized attackers can send requests for certain protocols on behalf of the server to both the internal and external networks. When sending requests to the internal network, they can learn more about this network by obtaining information about network hosts and their open ports. In addition, in some cases, attackers can exploit known vulnerabilities in software located on the internal network, which would allow them to develop the attack.”
The issue affects IBM QRadar SIEM versions 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5. To fix the vulnerability, update the product to the latest versions in accordance with the manufacturer's recommendations.