CVE-2020-4786

Name of the Vulnerable Software and Affected Versions IBM QRadar SIEM versions 7.3.0 through 7.3.3 Patch 5 IBM QRadar SIEM versions 7.4.0 through 7.4.1 Patch 1 IBM QRadar SIEM versions 7.4.2 GA through 7.4.2 Patch 1

Description The issue is related to insufficient server-side request validation in IBM QRadar SIEM, which can be exploited by a remote attacker to send unauthorized requests and potentially disclose protected information. This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. The vulnerability can be used to forge requests on the server side of QRadar, which can at least allow for the collection of data about the infrastructure/network where this software is running.

Recommendations For IBM QRadar SIEM versions 7.3.0 through 7.3.3 Patch 5, update to a version later than 7.3.3 Patch 5. For IBM QRadar SIEM versions 7.4.0 through 7.4.1 Patch 1, update to a version later than 7.4.1 Patch 1. For IBM QRadar SIEM versions 7.4.2 GA through 7.4.2 Patch 1, update to a version later than 7.4.2 Patch 1. As a temporary workaround, consider restricting access to the console/chartServer API endpoint until a patch is available. Avoid using the data parameter in the affected API endpoint until the issue is resolved.