IBM has fixed CVE-2020-4786, a Server-Side Request Forgery (SSRF) vulnerability in its QRadar security information and event management (SIEM) platform. The company now provides several patches that QRadar users can download to repair the issue.
Cybercriminals can exploit CVE-2020-4786 to make a QRadar server send requests over certain protocols, on their behalf, to both internal and external networks, according to threat analysis solutions company Positive Technologies. This enables cybercriminals to obtain information about network hosts and their open ports.
Also, CVE-2020-4786 allows cybercriminals to use QRadar to exploit known vulnerabilities in software located on an internal network, Positive said. In doing so, they can initiate cyberattacks through the QRadar server.
CVE-2020-4786 affects the following versions of QRadar:
- QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1
- QRadar SIEM 7.4.0 to 7.4.1 Patch 1
- QRadar SIEM 7.3.0 to 7.3.3 Patch 5
IBM issued a security bulletin about CVE-2020-4786 last month. The vulnerability was originally reported to IBM by Mikhail Klyuchnikov, a senior web application security researcher at Positive.
A Closer Look at QRadar
QRadar helps security teams detect and prioritize cyber threats, according to IBM. It provides security insights to help these teams respond to security incidents.
Security teams can use QRadar to consolidate log events and network flow data from network devices, endpoints and applications, IBM indicated. QRadar correlates this information and aggregates related events into alerts to accelerate incident analysis and remediation.
QRadar is available both on-premises and in the cloud. Furthermore, Netenrich, SentinelOne and other cybersecurity companies have incorporated QRadar capabilities into their security offerings.