CVE-2024-49822Server-Side Request Forgery in IBM Qradar Advisor

CWE-918Server-Side Request Forgery3 documents3 sources
Severity
4.1MEDIUMNVD
EPSS
0.1%
top 79.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Qradar AdvisorIBM Qradar Advisor With Watson
Timeline
PublishedMar 18

Description

IBM QRadar Advisor 1.0.0 through 2.6.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:NExploitability: 2.3 | Impact: 1.4

Affected Packages2 packages

NVDibm/qradar_advisor1.0.02.6.5
CVEListV5ibm/qradar_advisor_with_watson1.0.02.6.5

🔴Vulnerability Details

2
CVEList
IBM QRadar Advisor server-side request forgery2025-03-18
GHSA
GHSA-fch9-7g2p-f49f: IBM QRadar Advisor 12025-03-18
CVE-2024-49822 — Server-Side Request Forgery in IBM | cvebase