History: Apr 24, 2023 - 2:15 p.m.

Security Bulletin: IBM Safer Payments vulnerable to Denial Of Service Attacks (CVE-2020-4729)

2023-04-24 14:15:58
www.ibm.com
Tags: ibm safer payments, denial of service attacks, cve-2020-4729, api calls, vulnerability, fixed, update, maintenance function

CVSS3: 5.3
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001
Percentile: 26.8%

Summary

IBM Safer Payments can be crashed by sending specially crafted API calls. This vulnerability has been addressed.

Vulnerability Details

CVEID: CVE-2020-4729
**DESCRIPTION:** IBM Counter Fraud Management for Safer Payments could allow an authenticated attacker under special circumstances to send multiple specially crafted API requests that could cause the application to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188052 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s): IBM Safer Payments

Version(s): 5.7.0.00 - 5.7.0.10, 6.0.0.00 - 6.0.0.07, 6.1.0.00 - 6.1.0.05, and 6.2.0.00 - 6.2.1.00

Remediation/Fixes

Update IBM Safer Payments to version 5.7.0.11, 6.0.0.08, 6.1.0.06, 6.2.1.01 or higher.

Refer to the IBM Safer Payments documentation to download the updates.

Workarounds and Mitigations

Revoke the privilege to execute that maintenance function from all user accounts.

Affected configurations

Vulners node: ibm safer_payments Match 5.7 OR ibm safer_payments Match 6.0 OR ibm safer_payments Match 6.1 OR ibm safer_payments Match 6.2

| Vendor | Product | Version | CPE |
|--------|---------|---------|-----|
| ibm | safer_payments | 5.7 | cpe:2.3:a:ibm:safer_payments:5.7:\*:\*:\*:\*:\*:\*:\* |
| ibm | safer_payments | 6.0 | cpe:2.3:a:ibm:safer_payments:6.0:\*:\*:\*:\*:\*:\*:\* |
| ibm | safer_payments | 6.1 | cpe:2.3:a:ibm:safer_payments:6.1:\*:\*:\*:\*:\*:\*:\* |
| ibm | safer_payments | 6.2 | cpe:2.3:a:ibm:safer_payments:6.2:\*:\*:\*:\*:\*:\*:\* |
