Vulnerability-Lookup

CNVD-2021-20204

Vulnerability from cnvd - Published: 2021-03-22

Title

IBM APM存在未明漏洞

Description

IBM Application Performance Management（APM）是美国IBM公司的一套IT服务管理软件。该软件主要用于监控和管理云、内部部署和混合应用程序以及IT基础架构等。 IBM APM 8.1.4版本存在安全漏洞，攻击可以利用该漏洞创建非主机名的DNS查询字符串。

Severity

中

Patch Name

IBM APM存在未明漏洞的补丁

Patch Description

IBM Application Performance Management（APM）是美国IBM公司的一套IT服务管理软件。该软件主要用于监控和管理云、内部部署和混合应用程序以及IT基础架构等。 IBM APM 8.1.4版本存在安全漏洞，攻击可以利用该漏洞创建非主机名的DNS查询字符串。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接：https://www.ibm.com/support/pages/security-bulletin-multiple-vulnerabilities-affect-ibm-performance-management-product

Reference

https://exchange.xforce.ibmcloud.com/vulnerabilities/187861

Impacted products

Name
IBM IBM Application Performance Management（APM） 8.1.4

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-4719",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-4719"
    }
  },
  "description": "IBM Application Performance Management\uff08APM\uff09\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957IT\u670d\u52a1\u7ba1\u7406\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u4e3b\u8981\u7528\u4e8e\u76d1\u63a7\u548c\u7ba1\u7406\u4e91\u3001\u5185\u90e8\u90e8\u7f72\u548c\u6df7\u5408\u5e94\u7528\u7a0b\u5e8f\u4ee5\u53caIT\u57fa\u7840\u67b6\u6784\u7b49\u3002\n\nIBM APM 8.1.4\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u521b\u5efa\u975e\u4e3b\u673a\u540d\u7684DNS\u67e5\u8be2\u5b57\u7b26\u4e32\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1ahttps://www.ibm.com/support/pages/security-bulletin-multiple-vulnerabilities-affect-ibm-performance-management-product",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-20204",
  "openTime": "2021-03-22",
  "patchDescription": "IBM Application Performance Management\uff08APM\uff09\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u5957IT\u670d\u52a1\u7ba1\u7406\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u4e3b\u8981\u7528\u4e8e\u76d1\u63a7\u548c\u7ba1\u7406\u4e91\u3001\u5185\u90e8\u90e8\u7f72\u548c\u6df7\u5408\u5e94\u7528\u7a0b\u5e8f\u4ee5\u53caIT\u57fa\u7840\u67b6\u6784\u7b49\u3002\r\n\r\nIBM APM 8.1.4\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u53ef\u4ee5\u5229\u7528\u8be5\u6f0f\u6d1e\u521b\u5efa\u975e\u4e3b\u673a\u540d\u7684DNS\u67e5\u8be2\u5b57\u7b26\u4e32\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM APM\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "IBM IBM Application Performance Management\uff08APM\uff09 8.1.4"
  },
  "referenceLink": "https://exchange.xforce.ibmcloud.com/vulnerabilities/187861",
  "serverity": "\u4e2d",
  "submitTime": "2021-03-10",
  "title": "IBM APM\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

CVE-2020-4719 (GCVE-0-2020-4719)

Vulnerability from cvelistv5 – Published: 2021-03-02 16:55 – Updated: 2024-09-16 21:04

Summary

The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any hostname specified in the Cloud Event Management Webhook URL configuration definition. This could enable an authenticated user with admin authorization to create DNS query strings that are not hostnames. IBM X-Force ID: 187861.

Severity ?

4.9 (Medium)


                        
                          CVSS:3.0/UI:N/PR:H/I:H/AV:N/A:N/S:U/C:N/AC:L/RL:O/RC:C/E:U

CWE

Bypass Security

Assigner

ibm

References

URL

Tags

	https://www.ibm.com/support/pages/node/6417137	x_refsource_CONFIRM
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF

Impacted products

	Vendor	Product	Version
	IBM	Cloud APM	Affected: 8.1.4

Date Public ?

2021-02-26 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:14:58.435Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6417137"
          },
          {
            "name": "ibm-monitoring-cve20204719-sec-bypass (187861)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/187861"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cloud APM",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "8.1.4"
            }
          ]
        }
      ],
      "datePublic": "2021-02-26T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any hostname specified in the Cloud Event Management Webhook URL configuration definition. This could enable an authenticated user with admin authorization to create DNS query strings that are not hostnames. IBM X-Force ID: 187861."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 4.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/UI:N/PR:H/I:H/AV:N/A:N/S:U/C:N/AC:L/RL:O/RC:C/E:U",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Bypass Security",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-02T16:55:18.000Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6417137"
        },
        {
          "name": "ibm-monitoring-cve20204719-sec-bypass (187861)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/187861"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-02-26T00:00:00",
          "ID": "CVE-2020-4719",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cloud APM",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "8.1.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any hostname specified in the Cloud Event Management Webhook URL configuration definition. This could enable an authenticated user with admin authorization to create DNS query strings that are not hostnames. IBM X-Force ID: 187861."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "N",
              "I": "H",
              "PR": "H",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Bypass Security"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6417137",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6417137 (Cloud APM)",
              "url": "https://www.ibm.com/support/pages/node/6417137"
            },
            {
              "name": "ibm-monitoring-cve20204719-sec-bypass (187861)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/187861"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4719",
    "datePublished": "2021-03-02T16:55:18.430Z",
    "dateReserved": "2019-12-30T00:00:00.000Z",
    "dateUpdated": "2024-09-16T21:04:24.351Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2021-20204

CVE-2020-4719 (GCVE-0-2020-4719)

Tags

Sightings

Nomenclature