| Vulnerability Name: | CVE-2020-4719 (CCN-187861) | ||||||||||||
| Assigned: | 2019-12-30 | ||||||||||||
| Published: | 2021-02-26 | ||||||||||||
| Updated: | 2021-03-09 | ||||||||||||
| Summary: | The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any hostname specified in the Cloud Event Management Webhook URL configuration definition. This could enable an authenticated user with admin authorization to create DNS query strings that are not hostnames. IBM X-Force ID: 187861. | ||||||||||||
| CVSS v3 Severity: | 4.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N) 4.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
4.3 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 4.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-706 | ||||||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2020-4719 Source: XF Type: UNKNOWN ibm-monitoring-cve20204719-sec-bypass(187861) Source: XF Type: VDB Entry, Vendor Advisory ibm-monitoring-cve20204719-sec-bypass (187861) Source: CCN Type: IBM Security Bulletin 6417137 (Cloud APM) Multiple vulnerabilities affect the IBM Performance Management product Source: CONFIRM Type: Patch, Vendor Advisory https://www.ibm.com/support/pages/node/6417137 | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||