Lucene search

IbmCVELIST:CVE-2020-4719

HistoryMar 02, 2021 - 4:55 p.m.

CVE-2020-4719

2021-03-0216:55:18

ibm

www.cve.org

ibm

cloud apm

dns query

webhook

x-force

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C

AI Score

4.8

Confidence

High

EPSS

0.001

Percentile

19.6%

JSON

The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any hostname specified in the Cloud Event Management Webhook URL configuration definition. This could enable an authenticated user with admin authorization to create DNS query strings that are not hostnames. IBM X-Force ID: 187861.

CNA Affected

[
  {
    "product": "Cloud APM",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "8.1.4"
      }
    ]
  }
]

References

exchange.xforce.ibmcloud.com/vulnerabilities/187861

www.ibm.com/support/pages/node/6417137

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C

AI Score

4.8

Confidence

High

EPSS

0.001

Percentile

19.6%

JSON

Related for CVELIST:CVE-2020-4719