Synthetic Playback Agent has addressed the following vulnerabilities: CVE-2020-15659, CVE-2020-15654, CVE-2020-15653, CVE-2020-15652, CVE-2020-15655, CVE-2020-15658, CVE-2020-15656
CVEID: CVE-2020-15659
**DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by memory safety bugs within the browser engine. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/185979 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVEID: CVE-2020-15654
**DESCRIPTION:** Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by an error in which a Web site that specifies a custom cursor using CSS can overlay the user interface. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to produce a perceived broken state.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/185986 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVEID: CVE-2020-15653
**DESCRIPTION:** Mozilla Firefox could allow a remote attacker to bypass security restrictions. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using noopener links to bypass iframe sandbox with the allow-popups flag.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/185982 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVEID: CVE-2020-15652
**DESCRIPTION:** Mozilla Firefox could allow a remote attacker to obtain sensitive information, caused by the leaking of redirect targets when loading scripts in a worker. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to obtain the result of a cross-origin redirect.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/185981 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVEID: CVE-2020-15655
**DESCRIPTION:** Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the use of extension APIs to bypass the Same Origin Policy. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to bypass security restrictions.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/185980 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVEID: CVE-2020-15658
**DESCRIPTION:** Mozilla Firefox could allow a remote attacker to bypass security restrictions, caused by the code's failure to properly handle special characters, which lets an attacker cut off the file ending at an earlier position. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to download a different file type than shown in the dialog.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/185984 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
CVEID: CVE-2020-15656
**DESCRIPTION:** Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion for special arguments in IonMonkey. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary code on the vulnerable system or cause a denial of service.
CVSS Base score: 8.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/185983 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Affected Product(s) | Version(s) |
---|---|
APM AM | 8.1.4 |
BAM | 1.0 |
APM SaaS | 8.1.4 |
APM on-premise | 8.1.4 |
ICAM | 2019.3.0 - 2020.2.0 |

Product Remediation | Fix |
---|---|
APM on-premise | Synthetic Playback Agent 8.1.4 IF12 |
ICAM | ICAM 2020.2.1 |
None
CPE:

Name | Operator | Version |
---|---|---|
ibm application performance management | eq | 8.1.4 |