Vulnerability in Ibm Qradar
CVE-2020-4294
IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other…
EPSS: 0.003 (52.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.0/UI:N/AV:N/PR:L/AC:L/C:L/I:L/S:U/A:L/RC:C/E:U/RL:O.
Affected products
- Ibm Qradar — versions 7.3.3.Patch2, 7.3.0
References
- www.ibm.com/support/pages/node/6189663 (x_refsource_CONFIRM)
- ibm-qradar-cve20204294-ssrf (176404) (vdb-entry, x_refsource_XF)
- 20200421 QRadar RssFeedItem Server-Side Request Forgery vulnerability (mailing-list, x_refsource_FULLDISC)
- packetstormsecurity.com/files/157329/QRadar-Community-Edition-7.3.1.6-Server-Si… (x_refsource_MISC)
Frequently asked questions
- What is CVE-2020-4294?
- CVE-2020-4294 is a medium-severity vulnerability in Ibm Qradar. CVSS score: 6.3/10. Published 2020-04-15.
- How severe is CVE-2020-4294?
- Medium severity. CVSS v3 base score is 6.3 out of 10.