Server-Side Request Forgery in IBM QRadar Advisor Affects Multiple Versions
CVE-2024-49822

4.1MEDIUM

Key Information:

Vendor: IBM
Status: Qradar Advisor With Watson
Vendor: CVE Published:; 18 March 2025

What is CVE-2024-49822?

The SSRF vulnerability in IBM QRadar Advisor versions 1.0.0 through 2.6.5 empowers authenticated attackers to exploit server-side request functionalities. This flaw may enable unauthorized requests being initiated from the system itself, potentially allowing the attacker to map the internal network or leverage it for further malicious activities.

Affected Version(s)

QRadar Advisor with Watson 1.0.0 <= 2.6.5

References

https://www.ibm.com/support/pages/node/7186424

vendor-advisory

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 18, 2025
Vulnerability Reserved
Oct 20, 2024