Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMD5F7925A044494B0DAC7341D2C719896D7B0CE335625052CD09D6B7A7E585D3D
HistoryJul 30, 2020 - 9:47 a.m.

Security Bulletin: A security vulnerability has been identified in Apache CXF, which is shipped with IBM Tivoli Network Manager (CVE-2020-1954).

2020-07-3009:47:57
www.ibm.com
13

0.001 Low

EPSS

Percentile

28.1%

JSON

Summary

Apache CXF is shipped with IBM Tivoli Network Manager version 4.2; Information about a security vulnerability affecting IBM WebSphere Application Server is published in this bulletin.

Vulnerability Details

CVEID:CVE-2020-1954
**DESCRIPTION:**Apache CXF is vulnerable to a man-in-the-middle attack, caused by a flaw in JMX Integration. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/178938 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
ITNM 4.2.0

Remediation/Fixes

Affected Product(s) Version(s) Remediation
ITNM 4.2.0 Upgrade to ITNM 4.2 Fix Pack 10 (4.2.0.10)
ITNM 4.2 Fix Pack 10 can be downloaded from Fix Central from the following links:

ITNM 4.2.0.10 for AIX

ITNM 4.2.0.10 for 64-but Linux

ITNM 4.2.0.10 for Linux for z/OS

Workarounds and Mitigations

None

CPENameOperatorVersion
tivoli network manager ip editioneq4.2

Related

osv 2
github 1
prion 1
cvelist 1
nvd 1
veracode 1
redhatcve 1
ibm 5
cve 1
nessus 4
redhat 8
oracle 1
osv
osv
CVE-2020-1954
2020-04-01 21:15:14
Apache CXF JMX Integration is vulnerable to a MITM attack
2022-02-10 22:38:50
github
github
Apache CXF JMX Integration is vulnerable to a MITM attack
2022-02-10 22:38:50
prion
prion
Default configuration
2020-04-01 21:15:00
cvelist
cvelist
CVE-2020-1954
2020-04-01 20:07:29
nvd
nvd
CVE-2020-1954
2020-04-01 21:15:14
veracode
veracode
Information Disclosure
2020-04-02 03:48:54
redhatcve
redhatcve
CVE-2020-1954
2020-04-15 19:03:32
ibm
ibm
Security Bulletin:IBM TRIRIGA Application Platform discloses CVE-2020-1954
2022-08-30 16:50:47
Security Bulletin: Apache CXF vulnerability identified in IBM Tivoli Application Dependency Discovery Manager (CVE-2020-1954)
2020-10-22 12:36:13
Security Bulletin: IBM Security Verify Governance uses components with known vulnerabilities (CVE-2021-22696, CVE-2021-30468, CVE-2020-1954)
2023-06-21 20:31:50
cve
cve
CVE-2020-1954
2020-04-01 21:15:14
nessus
nessus
Oracle Enterprise Manager Cloud Control (Oct 2020 CPU)
2020-10-22 00:00:00
RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.3.3 security update on RHEL 6 (Moderate) (RHSA-2020:4244)
2020-10-14 00:00:00
RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.3.3 security update on RHEL 8 (Moderate) (RHSA-2020:4245)
2020-10-14 00:00:00
redhat
redhat
(RHSA-2020:4244) Moderate: Red Hat JBoss Enterprise Application Platform 7.3.3 security update on RHEL 6
2020-10-13 16:37:57
(RHSA-2020:4246) Moderate: Red Hat JBoss Enterprise Application Platform 7.3.3 security update on RHEL 7
2020-10-13 16:39:17
(RHSA-2020:4245) Moderate: Red Hat JBoss Enterprise Application Platform 7.3.3 security update on RHEL 8
2020-10-13 16:38:53
oracle
oracle
Oracle Critical Patch Update Advisory - October 2020
2020-10-20 00:00:00

0.001 Low

EPSS

Percentile

28.1%

JSON
Related for D5F7925A044494B0DAC7341D2C719896D7B0CE335625052CD09D6B7A7E585D3D
osv2github1prion1cvelist1nvd1veracode1redhatcve1ibm5cve1nessus4redhat8oracle1