IBM has fixed CVE-2020-4786, a Server-Side Request Forgery (SSRF) vulnerability in its QRadar security information and event management (SIEM) platform. The company now provides several patches that QRadar users can download to repair the issue.

Cybercriminals can exploit CVE-2020-4786 in QRadar to send requests for certain protocols on behalf of a server to both internal and external networks, according to threat analysis solutions company Positive Technologies. This enables cybercriminals to obtain information about network hosts and their open ports.

Also, CVE-2020-4786 allows cybercriminals to use QRadar to exploit known vulnerabilities in software located on an internal network, Positive said. In doing so, CVE-2020-4786 lets cybercriminals initiate cyberattacks.

CVE-2020-4786 affects the following versions of QRadar:

QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1
QRadar SIEM 7.4.0 to 7.4.1 Patch 1
QRadar SIEM 7.3.0 to 7.3.3 Patch 5

IBM issued a security bulletin about CVE-2020-4786 last month. The vulnerability was originally reported to IBM by Mikhail Klyuchnikov, a senior web application security researcher at Positive.