Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM94C81659E60B4258BD886BC86A2C21DE1FB1C2452A6A1C36C72AAF49EC1FAE0E
HistoryJun 28, 2024 - 9:05 p.m.

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Kubernetes

2024-06-2821:05:58
www.ibm.com
3
ibm infosphere information server
kubernetes
vulnerabilities
security
11.7

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

3.1 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

32.6%

JSON

Summary

Multiple vulnerabilities in Kubernetes used by IBM InfoSphere Information Server were addressed.

Vulnerability Details

CVEID:CVE-2020-8562
**DESCRIPTION:**Kubernetes could allow a remote authenticated attacker to obtain sensitive information, caused by a time-of-check time-of-use (TOCTOU) race condition flaw in the API Server proxy. By sending a specially-crafted request, an attacker could exploit this vulnerability to gain access to private networks on the Kubernetes control plane components.
CVSS Base score: 2.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/201273 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N)

CVEID:CVE-2021-25743
**DESCRIPTION:**Kubernetes could allow a remote authenticated attacker to bypass security restrictions, caused by improper filtering of ANSI escape characters in kubectl. By sending a specially-crafted input, an attacker could exploit this vulnerability to hide all the events, changing the title of the terminal window, and spoof the data.
CVSS Base score: 3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/216852 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
InfoSphere Information Server 11.7

Remediation/Fixes

Product VRMF APAR Remediation
InfoSphere Information Server, InfoSphere Information Server on Cloud 11.7 DT381950 --Apply IBM InfoSphere Information Server version 11.7.1.0
--Apply InfoSphere Information Server version 11.7.1.5

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibminfosphere_information_serverMatch11.7

Related

redhatcve 2
hackerone 1
veracode 1
prion 2
gitlab 2
debiancve 2
cnvd 1
cvelist 2
osv 4
cve 2
ubuntucve 2
nvd 2
github 2
ibm 2
nessus 1
photon 1
redhatcve
redhatcve
CVE-2020-8562
2021-05-04 23:04:25
CVE-2021-25743
2022-01-19 14:36:41
hackerone
hackerone
Kubernetes: Bypass apiserver proxy filter
2020-04-27 00:04:50
veracode
veracode
Cross-site Scripting (XSS)
2022-01-07 17:38:19
prion
prion
Design/Logic Flaw
2022-01-07 00:15:00
Input validation
2022-02-01 11:15:00
gitlab
gitlab
ANSI escape characters not filtered
2022-01-08 00:00:00
Time-of-check Time-of-use (TOCTOU) Race Condition
2022-02-02 00:00:00
debiancve
debiancve
CVE-2021-25743
2022-01-07 00:15:07
CVE-2020-8562
2022-02-01 11:15:10
cnvd
cnvd
Kubernetes has an unspecified vulnerability (CNVD-2022-09802)
2022-01-07 00:00:00
cvelist
cvelist
CVE-2021-25743 ANSI escape characters in kubectl output are not being filtered
2021-05-02 00:00:00
CVE-2020-8562 Bypass of Kubernetes API Server proxy TOCTOU
2021-05-04 00:00:00
osv
osv
CVE-2021-25743
2022-01-07 00:15:07
kubectl ANSI escape characters not filtered
2022-01-08 00:00:21
Potential proxy IP restriction bypass in Kubernetes
2022-02-02 00:01:58
cve
cve
CVE-2021-25743
2022-01-07 00:15:07
CVE-2020-8562
2022-02-01 11:15:10
ubuntucve
ubuntucve
CVE-2021-25743
2022-01-07 00:00:00
CVE-2020-8562
2022-02-01 00:00:00
nvd
nvd
CVE-2021-25743
2022-01-07 00:15:07
CVE-2020-8562
2022-02-01 11:15:10
github
github
kubectl ANSI escape characters not filtered
2022-01-08 00:00:21
Potential proxy IP restriction bypass in Kubernetes
2022-02-02 00:01:58
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to security restrictions bypass due to [CVE-2021-25743]
2023-02-13 19:22:42
Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities
2023-06-08 21:56:13
nessus
nessus
Fedora 37 : kubernetes (2023-a1d7a29fe5)
2023-07-01 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-3.0-0631
2023-08-11 00:00:00

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

3.1 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

32.6%

JSON
Related for 94C81659E60B4258BD886BC86A2C21DE1FB1C2452A6A1C36C72AAF49EC1FAE0E
redhatcve2hackerone1veracode1prion2gitlab2debiancve2cnvd1cvelist2osv4cve2ubuntucve2nvd2github2ibm2nessus1photon1