Summary Apache HttpClient is vulnerable to Security Restriction Bypass. Attackers can potentially break security and potentially steal sensitive information. This has been addressed with an update. Vulnerability Details ** CVEID: CVE-2020-13956 DESCRIPTION: **Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By passing request URIs to the library as java.net.URI object, an attacker could exploit this vulnerability to pick the wrong target host for request execution. CVSS Base score: 5.3 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189572 for the current score. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) Affected Products and Versions Affected Product(s)| Version(s) —|— IBM QRadar SIEM| 7.5 – 7.5.0 UP8 Remediation/Fixes IBM encourages customers to update their systems promptly. Please be aware that these updates are available via Auto Update if you have it enabled. Product| Version| Fix —|—|— IBM QRadar SIEM| 7.5.0| 7.5.0 QRadar Protocol Apache kafka IBM QRadar SIEM| 7.5.0| 7.5.0 QRadar Protocol Cisco Firepower eStreamer IBM QRadar SIEM| 7.5.0| 7.5.0 QRadar Protocol IBM BigFix REST API IBM QRadar SIEM| 7.5.0| 7.5.0 QRadar Protocol IBM Fiberlink REST API IBM QRadar SIEM| 7.5.0| 7.5.0 QRadar Protocol NetskopeActiveRESTAPI IBM QRadar SIEM| 7.5.0| 7.5.0 QRadar Protocol SAP Enterprise Threat…Read More