A vulnerability was found in all versions of container networking/plugins before version 0.8.6 of pipeline-utils, affecting IBM Cloud Pak for Applications. This has been addressed in IBM Cloud Pak for Applications 4.3.1
CVEID:CVE-2020-10749
**DESCRIPTION:**Container Network Interface plugins are vulnerable to a man-in-the-middle attack, caused by improper validation of router advertisements. By sending rogue router advertisements, an attacker could exploit this vulnerability using man-in-the-middle techniques to gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system.
CVSS Base score: 6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/182748 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L)
Affected Product(s) | Version(s) |
---|---|
IBM Cloud Pak for Applications | All |
IBM Cloud Pak for Applications 4.3.1 contains an updated pipeline-utils image which no longer expose this vulnerability. No separate APAR is provided.
None