Vulnerability Description
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. This vulnerability is due to an incomplete fix for CVE-2020-4786. IBM X-Force ID: 206087.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ibm | Qradar Security Information And Event Manager | >= 7.3.0, < 7.3.3 |
| Linux | Linux Kernel | - |
Related Weaknesses (CWE)
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/206087VDB EntryVendor Advisory
- https://www.ibm.com/support/pages/node/6520490PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/206087VDB EntryVendor Advisory
- https://www.ibm.com/support/pages/node/6520490PatchVendor Advisory
FAQ
What is CVE-2021-29863?
CVE-2021-29863 is a vulnerability with a CVSS score of 4.3 (MEDIUM). IBM QRadar SIEM 7.3 and 7.4 is vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network ...
How severe is CVE-2021-29863?
CVE-2021-29863 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-29863?
Check the references section above for vendor advisories and patch information. Affected products include: Ibm Qradar Security Information And Event Manager, Linux Linux Kernel.