IBM Tivoli Netcool Impact has addressed the following Apache HttpClient vulnerability.
CVEID:CVE-2020-13956
**DESCRIPTION:**Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By passing request URIs to the library as java.net.URI object, an attacker could exploit this vulnerability to pick the wrong target host for request execution.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189572 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Tivoli Netcool Impact 7.1.0 | 7.1.0.0 ~ 7.1.0.20 |
Product | VRMF | APAR | Remediation/First Fix |
---|---|---|---|
IBM Tivoli Netcool Impact 7.1.0 | 7.1.0.21 | IJ30144 | IBM Tivoli Netcool Impact 7.1.0 FP21 |
None
CPE | Name | Operator | Version |
---|---|---|---|
tivoli netcool/impact | eq | 7.1.0 |