Vulnerability CVE-2020-10749

Vulnerability Name:

CVE-2020-10749 (CCN-182748)

Assigned:

2020-05-13

Published:

2020-05-13

Updated:

2023-03-14

Summary:

CVSS v3 Severity:

6.0 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L)
5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

6.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L)
5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

6.0 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L)
5.2 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.0 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

4.6 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2020-10749

Source: secalert@redhat.com
Type: Broken Link, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Broken Link, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Issue Tracking, Third Party Advisory
secalert@redhat.com

Source: XF
Type: UNKNOWN
cni-cve202010749-mitm(182748)

Source: CCN
Type: plugins GIT Repository
ptp, bridge: disable accept_ra on the host-side interface #484

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: IBM Security Bulletin 6471253 (Cloud Pak for Applications)
A vulnerability was found in all versions of container networking/plugins before version 0.8.6 of pipeline-utils affecting IBM Cloud Pak for Applications

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration CCN 1:

cpe:/a:ibm:cloud_pak_for_applications:4.3:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:202010749	V	CVE-2020-10749	2023-06-22
oval:org.opensuse.security:def:7848	P	cni-plugins-1.1.1-150500.1.19 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:51569	P	Security update for libarchive (Low)	2022-11-23
oval:org.opensuse.security:def:3784	P	Security update for rubygem-tzinfo (Important)	2022-07-29
oval:org.opensuse.security:def:4657	P	Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP5) (Important)	2022-07-21
oval:org.opensuse.security:def:3838	P	zsh-5.0.5-6.7.2 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3790	P	squashfs-4.3-6.2 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3801	P	sysvinit-tools-2.88+-101.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3241	P	libpython2_7-1_0-2.7.13-28.31.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94871	P	cni-plugins-0.8.6-3.8.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94704	P	libserf-1-1-1.3.9-2.31 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:4641	P	Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP5) (Important)	2022-01-31
oval:org.opensuse.security:def:112085	P	cni-plugins-0.9.1-1.3 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:68385	P	Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP3) (Important)	2021-12-14
oval:org.opensuse.security:def:1293	P	Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP3) (Important)	2021-12-14
oval:org.opensuse.security:def:64811	P	Security update for wireshark (Moderate)	2021-12-06
oval:org.opensuse.security:def:66994	P	Security update for poppler (Important)	2021-12-01
oval:org.opensuse.security:def:74384	P	Security update for flatpak (Important)	2021-10-20
oval:org.opensuse.security:def:51673	P	Security update for apache2 (Important)	2021-10-06
oval:org.opensuse.security:def:105627	P	cni-plugins-0.9.1-1.3 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:63206	P	grub2-x86_64-xen-2.02-24.12 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:51639	P	Security update for unrar (Moderate)	2021-08-25
oval:org.opensuse.security:def:64753	P	Security update for openssl-1_1 (Important)	2021-08-24
oval:org.opensuse.security:def:63499	P	libvorbis0-32bit-1.3.6-4.3.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:101417	P	nodejs12-12.21.0-4.13.2 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:1970	P	python2-numpy-gnu-hpc-1.16.5-1.164 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:1968	P	libmunge2-0.5.14-11.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:1927	P	jcl-over-slf4j-1.7.30-1.34 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1939	P	openldap2-devel-32bit-2.4.46-9.51.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:63003	P	cvs-1.12.12-2.30 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1945	P	perl-Mail-SpamAssassin-Plugin-iXhash2-2.05-12.10.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1925	P	guile-2.0.14-5.3.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1958	P	xstream-1.4.15-3.5.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1923	P	graphviz-perl-2.40.1-6.6.8 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1953	P	python39-tools-3.9.4-2.9 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1947	P	perl-PerlMagick-7.0.7.34-10.15.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:71841	P	hunspell-1.6.2-3.3.7 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:63028	P	openldap2-devel-32bit-2.4.46-9.51.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:63000	P	cross-nvptx-gcc7-7.5.0+r278197-4.25.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62996	P	build-20210120-3.6.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1928	P	jetty-http-9.4.38-3.6.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1931	P	libgit2-28-0.28.4-1.28 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101126	P	cni-plugins-0.8.6-3.8.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62382	P	cni-plugins-0.8.6-3.8.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:72723	P	dom4j-1.6.1-10.12 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62776	P	libavcodec57-3.4.2-9.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1919	P	glibc-devel-32bit-2.31-7.20 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1937	P	ncurses-devel-32bit-6.1-5.6.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1917	P	gdb-10.1-8.24.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1936	P	nasm-2.14.02-3.4.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:70445	P	Security update for the Linux Kernel (Important)	2021-07-21
oval:org.opensuse.security:def:64544	P	Security update for sqlite3 (Important)	2021-07-14
oval:org.opensuse.security:def:64543	P	Security update for dbus-1 (Important)	2021-07-12
oval:org.opensuse.security:def:73659	P	Security update for libnettle (Important)	2021-06-23
oval:org.opensuse.security:def:48459	P	libMagickCore-6_Q16-1-6.8.8.1-33.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48923	P	libfbembed2_5-2.5.2.26539-15.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48442	P	gzip-1.6-7.209 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:1978	P	pam-modules-12.1-3.17 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48576	P	mailx-12.5-28.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48435	P	gpgme-1.5.1-1.11 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48774	P	gimp-2.8.18-4.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48584	P	openvpn-2.3.8-16.6.4 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48451	P	kbd-1.15.5-8.7.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48443	P	hardlink-1.0-6.38 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48915	P	kernel-default-extra-4.12.14-94.41.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48434	P	gpg2-2.0.24-3.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48782	P	lcms-1.19-17.31 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:1973	P	java-1_8_0-openjdk-1.8.0.161-1.52 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:67089	P	Security update for ceph (Important)	2021-05-04
oval:org.opensuse.security:def:1980	P	gv-3.7.4-1.41 on GA media (Moderate)	2021-04-29
oval:org.opensuse.security:def:51748	P	Security update for python (Moderate)	2021-03-16
oval:org.opensuse.security:def:73780	P	Security update for python-Jinja2 (Important)	2021-02-26
oval:org.opensuse.security:def:69267	P	Security update for nodejs12 (Important)	2021-02-26
oval:org.opensuse.security:def:64651	P	Security update for webkit2gtk3 (Important)	2021-02-22
oval:org.opensuse.security:def:70337	P	Security update for subversion (Important)	2021-02-10
oval:org.opensuse.security:def:65141	P	Security update for MozillaFirefox (Critical)	2020-12-21
oval:org.opensuse.security:def:64444	P	Security update for curl (Moderate)	2020-12-09
oval:org.opensuse.security:def:49009	P	libfbembed2_5-2.5.2.26539-15.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:72607	P	blktrace-1.1.0+git.20170126-3.3.28 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4003	P	liblcms2-devel-2.7-9.7.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63055	P	python2-numpy-gnu-hpc-1.16.5-1.164 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:3996	P	libjavascriptcoregtk-1_0-0-2.4.11-23.20 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:3970	P	libdjvulibre-devel-3.5.25.3-5.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:49017	P	libmwaw-0_3-3-0.3.14-7.12.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62599	P	python-tk-2.7.14-7.11.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63257	P	davfs2-1.5.4-1.4 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62575	P	libplist++-devel-2.0.0-1.31 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:3991	P	libidn-devel-1.28-5.6.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:3869	P	cracklib-devel-2.9.0-7.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63395	P	apache-commons-beanutils-1.9.2-2.46 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:1963	P	python2-numpy-gnu-hpc-1.14.0-4.5.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:3897	P	gdk-pixbuf-devel-2.34.0-19.17.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:3881	P	eog-devel-3.20.4-7.7 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:71725	P	subversion-1.10.6-3.6.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:3999	P	libjpeg8-devel-8.1.2-31.14.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63621	P	icedtea-web-1.7.1-5.13 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62576	P	libpotrace0-1.15-3.19 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:3953	P	libapparmor-devel-2.8.2-51.18.3 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2628	P	Security update for cni-plugins (Moderate)	2020-12-02
oval:org.opensuse.security:def:2608	P	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (Important)	2020-12-02
oval:org.opensuse.security:def:2618	P	Security update for cni-plugins (Moderate)	2020-12-02
oval:org.opensuse.security:def:49556	P	libkpathsea6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53024	P	Security update for php7 (Important)	2020-12-01
oval:org.opensuse.security:def:50302	P	Security update for spice-gtk (Important)	2020-12-01
oval:org.opensuse.security:def:51486	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:50684	P	Security update for sysstat (Moderate)	2020-12-01
oval:org.opensuse.security:def:64082	P	Security update for tigervnc (Critical)	2020-12-01
oval:org.opensuse.security:def:66023	P	Security update for cni-plugins (Moderate)	2020-12-01
oval:org.opensuse.security:def:64407	P	libxml2-2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49642	P	ibus-chewing on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64078	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:49390	P	audiofile-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64923	P	Security update for libxml2 (Low)	2020-12-01
oval:org.opensuse.security:def:51063	P	Security update for cni-plugins (Moderate)	2020-12-01
oval:org.opensuse.security:def:49171	P	libgtk-vnc-2_0-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64332	P	libidn-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:74998	P	Security update for cni-plugins (Moderate)	2020-12-01
oval:org.opensuse.security:def:50322	P	Security update for zziplib (Moderate)	2020-12-01
oval:org.opensuse.security:def:65051	P	Security update for the Linux Kernel (Critical)	2020-12-01
oval:org.opensuse.security:def:50847	P	Security update for apache-commons-httpclient (Important)	2020-12-01
oval:org.opensuse.security:def:50301	P	Security update for libzypp, zypper (Important)	2020-12-01
oval:org.opensuse.security:def:49715	P	sane-backends on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49652	P	libXp6-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49611	P	accountsservice on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50991	P	Security update for freetype2 (Important)	2020-12-01
oval:org.opensuse.security:def:49479	P	perl-CGI on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:74865	P	Security update for openldap2 (Important)	2020-12-01
oval:org.opensuse.security:def:49400	P	fetchmailconf on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53088	P	Security update for cni-plugins (Moderate)	2020-12-01
oval:org.opensuse.security:def:51115	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:50951	P	Security update for postgresql12 (Important)	2020-12-01
oval:org.opensuse.security:def:64290	P	less on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:65933	P	Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP1) (Important)	2020-12-01
oval:org.opensuse.security:def:64188	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:63702	P	Security update for apache2-mod_jk (Important)	2020-12-01
oval:org.opensuse.security:def:49725	P	ant on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:68488	P	Security update for cni-plugins (Moderate)	2020-12-01
oval:org.opensuse.security:def:49621	P	file-roller on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49546	P	libexif-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51001	P	Security update for salt (Critical)	2020-12-01
oval:org.opensuse.security:def:49489	P	sane-backends on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51385	P	Security update for mercurial (Moderate)	2020-12-01
oval:org.opensuse.security:def:50454	P	Security update for ghostscript (Moderate)	2020-12-01
oval:org.opensuse.security:def:63948	P	Security update for texlive (Moderate)	2020-12-01
oval:org.opensuse.security:def:63849	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:69370	P	Security update for cni-plugins (Moderate)	2020-12-01
oval:org.opensuse.security:def:51053	P	Security update for cni-plugins (Moderate)	2020-12-01
oval:org.opensuse.security:def:49163	P	libcroco on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:74510	P	Security update for cni-plugins (Moderate)	2020-12-01
oval:com.redhat.rhsa:def:20204694	P	RHSA-2020:4694: container-tools:rhel8 security, bug fix, and enhancement update (Moderate)	2020-11-04
oval:org.opensuse.security:def:110693	P	Security update for cni-plugins (Moderate)	2020-07-23
oval:org.opensuse.security:def:110134	P	Security update for cni-plugins (Moderate)	2020-07-23
oval:org.opensuse.security:def:90488	P	Security update for cni-plugins (Moderate)	2020-07-20
oval:org.opensuse.security:def:98573	P	Security update for cni-plugins (Moderate)	2020-07-20
oval:org.opensuse.security:def:108083	P	Security update for cni-plugins (Moderate)	2020-07-20
oval:org.opensuse.security:def:91608	P	Security update for cni-plugins (Moderate)	2020-07-20
oval:org.opensuse.security:def:117597	P	Security update for cni-plugins (Moderate)	2020-07-20
oval:org.opensuse.security:def:104143	P	Security update for cni-plugins (Moderate)	2020-07-20
oval:org.opensuse.security:def:97453	P	Security update for cni-plugins (Moderate)	2020-07-20
oval:org.opensuse.security:def:105263	P	Security update for cni-plugins (Moderate)	2020-07-20

BACK