IBM Fixes Vulnerability in QRadar SIEM Discovered by Positive Technologies
- The vulnerability could be used to execute attacks on internal corporate networks
The Server-Side Request Forgery (SSRF) vulnerability identified in IBM QRadar SIEM by Positive Technologies expert Mikhail Klyuchnikov is rated medium severity (CVSS 5.4). IBM QRadar SIEM, an event monitoring and correlation system, is one of the world’s leading SIEM systems.
The vulnerability is tracked as CVE-2020-4786. By exploiting it, attackers can send requests on behalf of the system, obtain information about the network infrastructure, and thus facilitate further attacks.
Mikhail Klyuchnikov at Positive Technologies explains: “Using this vulnerability, authorized attackers can send requests for certain protocols on behalf of the server to both the internal and external networks. When sending requests to the internal network, they can learn more about this network by obtaining information about network hosts and their open ports. In addition, in some cases, attackers can exploit known vulnerabilities in software located on the internal network, which would allow them to develop the attack.”
The issue affects IBM QRadar SIEM versions 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5. To fix the vulnerability, update the product to the latest versions in accordance with the manufacturer’s recommendations.