Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM7FCE3E3E222CDCA1789998F6F071B1ED0A1310F6CA44453B21275AC42EE9B8AF
HistoryMar 23, 2021 - 3:48 p.m.

Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Go vulnerabilities (CVE-2020-28851 and CVE-2020-28852)

2021-03-2315:48:47
www.ibm.com
32
ibm cloud pak
integration
go vulnerabilities
cve-2020-28851
cve-2020-28852
upgrade
2020.4.1-1-eus

EPSS

0.001

Percentile

49.6%

JSON

Summary

IBM Cloud Pak for Integration is vulnerable to Go vulnerabilities CVE-2020-28851 and CVE-2020-28852 with details of each below.

Vulnerability Details

CVEID:CVE-2020-28851
**DESCRIPTION:**Golang Go is vulnerable to a denial of service, caused by improper input validation while parsing the -u- extension in language.ParseAcceptLanguage. By sending a specially-crafted HTTP Accept-Language header, a remote attacker could exploit this vulnerability to cause an index out of range panic.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/194162 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2020-28852
**DESCRIPTION:**Golang Go is vulnerable to a denial of service, caused by improper input validation while processing a BCP 47 tag in language.ParseAcceptLanguage. By sending a specially-crafted HTTP Accept-Language header, a remote attacker could exploit this vulnerability to cause a slice bounds out of range panic.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/194163 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Cloud Pak for Integration (CP4I) Operator 2020.2.1
2020.3.1
2020.4.1-0-eus
Platform Navigator in IBM Cloud Pak for Integration (CP4I) 2020.2.1
2020.3.1
2020.4.1-0-eus
Asset Repository in IBM Cloud Pak for Integration (CP4I) 2020.2.1
2020.3.1
2020.4.1-0-eus

Remediation/Fixes

IBM Cloud Pak for Integration Operator

Upgrade Cloud Pak for Integration to 2020.4.1-1-eus using the Operator upgrade process described in the Knowledge Center
<https://www.ibm.com/support/knowledgecenter/SSGT7J_20.4/upgrade/upgrade.html&gt;

Platform Navigator in****IBM Cloud Pak for Integration

Upgrade Platform Navigator to 2020.4.1-1-eus using the Operator upgrade process described in the Knowledge Center <https://www.ibm.com/support/knowledgecenter/SSGT7J_20.4/upgrade/upgrade_platform_navigator.html&gt;

Asset Repository****in IBM Cloud Pak for Integration

Upgrade Asset Repository to 2020.4.1-1-eus using the Operator upgrade process described in the Knowledge Center <https://www.ibm.com/support/knowledgecenter/SSGT7J_20.4/upgrade/upgrade_asset_repo.html&gt;

Workarounds and Mitigations

None

Related

ibm 11
nessus 13
osv 7
nvd 2
openvas 1
veracode 2
cvelist 2
debiancve 2
cve 2
ubuntucve 2
redhatcve 2
prion 2
cbl_mariner 2
ubuntu 1
almalinux 2
oraclelinux 2
redhat 8
rocky 1
ibm
ibm
Security Bulletin: IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Golang Go.
2023-02-14 21:04:36
Security Bulletin: IBM CICS TX Standard is vulnerable to multiple vulnerabilities in Golang Go.
2023-02-14 21:14:53
Security Bulletin: IBM Storage Fusion HCI may be vulnerable to Denial of Service via use of openshift/machine-api-operator, openshift/machine-config-operator (CVE-2020-28851, CVE-2020-28852, CVE-2021-44716)
2023-12-21 17:23:15
nessus
nessus
RHEL 7 : golang.org_x_text (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 8 : golang.org_x_text (Unpatched Vulnerability)
2024-05-11 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Go Text vulnerabilities (USN-5873-1)
2023-02-16 00:00:00
osv
osv
golang-golang-x-text, golang-x-text vulnerabilities
2023-02-16 09:20:08
CVE-2020-28852
2021-01-02 06:15:13
CVE-2020-28851
2021-01-02 06:15:12
nvd
nvd
CVE-2020-28852
2021-01-02 06:15:13
CVE-2020-28851
2021-01-02 06:15:12
openvas
openvas
Ubuntu: Security Advisory (USN-5873-1)
2023-02-17 00:00:00
veracode
veracode
Denial Of Service (DoS)
2021-01-11 08:48:05
Denial Of Service (DoS)
2021-01-04 06:11:41
cvelist
cvelist
CVE-2020-28852
2021-01-02 05:45:53
CVE-2020-28851
2021-01-02 05:42:40
debiancve
debiancve
CVE-2020-28852
2021-01-02 06:15:13
CVE-2020-28851
2021-01-02 06:15:12
cve
cve
CVE-2020-28852
2021-01-02 06:15:13
CVE-2020-28851
2021-01-02 06:15:12
ubuntucve
ubuntucve
CVE-2020-28852
2021-01-02 00:00:00
CVE-2020-28851
2021-01-02 00:00:00
redhatcve
redhatcve
CVE-2020-28852
2021-01-06 15:34:38
CVE-2020-28851
2021-01-06 14:55:05
prion
prion
Design/Logic Flaw
2021-01-02 06:15:00
Out-of-bounds
2021-01-02 06:15:00
cbl_mariner
cbl_mariner
CVE-2020-28851 affecting package multus for versions less than 4.0.2-1
2024-07-23 02:21:02
CVE-2020-28852 affecting package multus for versions less than 4.0.2-1
2024-07-23 02:21:02
ubuntu
ubuntu
Go Text vulnerabilities
2023-02-16 00:00:00
almalinux
almalinux
Moderate: podman security and bug fix update
2022-11-15 00:00:00
Moderate: git-lfs security and bug fix update
2022-10-25 00:00:00
oraclelinux
oraclelinux
podman security and bug fix update
2022-11-22 00:00:00
git-lfs security and bug fix update
2022-10-26 00:00:00
redhat
redhat
(RHSA-2022:7954) Moderate: podman security and bug fix update
2022-11-15 06:12:00
(RHSA-2022:7129) Moderate: git-lfs security and bug fix update
2022-10-25 07:32:51
(RHSA-2022:0577) Moderate: Windows Container Support for Red Hat OpenShift 5.0.0 [security update]
2022-03-28 08:52:30
rocky
rocky
git-lfs security and bug fix update
2022-10-25 07:32:51

EPSS

0.001

Percentile

49.6%

JSON
Related for 7FCE3E3E222CDCA1789998F6F071B1ED0A1310F6CA44453B21275AC42EE9B8AF
ibm11nessus13osv7nvd2openvas1veracode2cvelist2debiancve2cve2ubuntucve2redhatcve2prion2cbl_mariner2ubuntu1almalinux2oraclelinux2redhat8rocky1