Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBME4EDC2FA169D0DA37CBCD0520BC305DF277DCFADF273F929C67930A8EE880A10
HistoryJan 13, 2021 - 4:29 p.m.

Security Bulletin: IBM MaaS360 Mobile Enterprise Gateway has security vulnerabilities (CVE-2019-2044, CVE-2019-2045)

2021-01-1316:29:03
www.ibm.com
20

0.009 Low

EPSS

Percentile

82.4%

JSON

Summary

Two vulnerabilities were identified and remediated in the IBM MaaS360 Mobile Enterprise Gateway.

Vulnerability Details

CVEID:CVE-2019-20445
**DESCRIPTION:**Netty could provide weaker than expected security, caused by non-proper handling of Content-Length and Transfer-Encoding in the HttpObjectDecoder.java. A remote attacker could exploit this vulnerability to launch further attacks on the system.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/175486 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

CVEID:CVE-2019-20444
**DESCRIPTION:**Netty is vulnerable to HTTP request smuggling, caused by a flaw in the HttpObjectDecoder.java. By sending a specially-crafted request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/175487 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM MaaS360 Mobile Enterprise Gateway 2.102 and prior

Remediation/Fixes

Update the IBM MaaS360 Mobile Enterprise Gateway to version 2.103.x or greater.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm maas360eq2.102

Related

ibm 20
nessus 13
osv 12
openvas 10
redhat 19
debian 5
ubuntu 3
fedora 2
github 2
veracode 2
prion 4
nvd 4
debiancve 2
f5 1
cvelist 4
ubuntucve 2
cve 4
android 2
redhatcve 2
threatpost 1
ibm
ibm
Security Bulletin: Multiple vulnerabilities have been identified in Netty shipped with IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library (CVE-2019-20445, CVE-2019-20444)
2020-03-20 10:48:48
Security Bulletin: Multiple vulnerabilities in netty affect IBM Spectrum Scale Transparent Cloud Tiering (CVE-2019-20445, CVE-2019-20444)
2020-05-26 15:17:05
Security Bulletin: Multiple vulnerabilities in netty affect IBM Operations Analytics Predictive Insights (CVE-2019-20445, CVE-2019-20444)
2020-02-28 16:03:44
nessus
nessus
Debian DLA-2365-1 : netty-3.9 security update
2020-09-08 00:00:00
RHEL 6 / 7 / 8 : Red Hat JBoss Enterprise Application Platform 7.2 (RHSA-2020:0605)
2020-02-27 00:00:00
RHEL 6 / 8 : AMQ Clients 2.6.0 Release (Important) (RHSA-2020:0601)
2023-01-23 00:00:00
osv
osv
netty - security update
2020-02-19 00:00:00
netty-3.9 - security update
2020-09-04 00:00:00
netty-3.9 vulnerabilities
2020-09-22 16:15:05
openvas
openvas
Debian: Security Advisory (DLA-2109-1)
2020-02-20 00:00:00
Debian: Security Advisory (DLA-2365-1)
2020-09-05 00:00:00
Ubuntu: Security Advisory (USN-4532-1)
2020-09-23 00:00:00
redhat
redhat
(RHSA-2020:0567) Important: Red Hat build of Eclipse Vert.x 3.8.5 security update
2020-03-03 16:07:01
(RHSA-2020:0605) Important: Red Hat JBoss Enterprise Application Platform 7.2 security update
2020-02-25 17:21:01
(RHSA-2020:0497) Important: AMQ Online security update
2020-02-13 14:03:36
debian
debian
[SECURITY] [DLA 2365-1] netty-3.9 security update
2020-09-04 18:41:04
[SECURITY] [DLA 2109-1] netty security update
2020-02-19 18:04:02
[SECURITY] [DLA 2364-1] netty security update
2020-09-04 18:39:54
ubuntu
ubuntu
Netty vulnerabilities
2020-09-22 00:00:00
Netty vulnerabilities
2020-10-22 00:00:00
Netty vulnerabilities
2020-10-27 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: netty-4.1.51-1.fc33
2020-09-25 17:16:37
[SECURITY] Fedora 33 Update: jctools-3.1.0-1.fc33
2020-09-25 17:16:36
github
github
HTTP Request Smuggling in Netty
2020-02-21 18:55:24
HTTP Request Smuggling in Netty
2020-02-21 18:55:04
veracode
veracode
HTTP Request Smuggling
2020-01-31 06:26:41
HTTP Request Smuggling
2020-01-30 04:36:31
prion
prion
Design/Logic Flaw
2020-01-29 21:15:00
Design/Logic Flaw
2020-01-29 21:15:00
Out-of-bounds
2019-05-08 17:29:00
nvd
nvd
CVE-2019-20444
2020-01-29 21:15:11
CVE-2019-20445
2020-01-29 21:15:11
CVE-2019-2044
2019-05-08 17:29:00
debiancve
debiancve
CVE-2019-20444
2020-01-29 21:15:11
CVE-2019-20445
2020-01-29 21:15:11
f5
f5
K14752415 : Netty vulnerability CVE-2019-20444
2020-07-13 00:00:00
cvelist
cvelist
CVE-2019-20445
2020-01-29 20:33:03
CVE-2019-2044
2019-05-08 16:23:41
CVE-2019-20444
2020-01-29 20:33:17
ubuntucve
ubuntucve
CVE-2019-20445
2020-01-29 00:00:00
CVE-2019-20444
2020-01-29 00:00:00
cve
cve
CVE-2019-20444
2020-01-29 21:15:11
CVE-2019-2044
2019-05-08 17:29:00
CVE-2019-20445
2020-01-29 21:15:11
android
android
CVE-2019-2045
2019-05-01 00:00:00
CVE-2019-2044
2019-05-01 00:00:00
redhatcve
redhatcve
CVE-2019-20444
2021-07-18 00:29:58
CVE-2019-20445
2022-05-14 11:32:59
threatpost
threatpost
Google Patches Critical Remote Code-Execution Flaws in Android
2019-05-08 17:35:25

0.009 Low

EPSS

Percentile

82.4%

JSON
Related for E4EDC2FA169D0DA37CBCD0520BC305DF277DCFADF273F929C67930A8EE880A10
ibm20nessus13osv12openvas10redhat19debian5ubuntu3fedora2github2veracode2prion4nvd4debiancve2f51cvelist4ubuntucve2cve4android2redhatcve2threatpost1