History: Apr 24, 2023 - 2:15 p.m.

Security Bulletin: IBM Safer Payments vulnerable to Denial Of Service Attacks (CVE-2020-4729)

2023-04-24 14:15:58
www.ibm.com

CVSS3: 5.3 Medium

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001 Low
Percentile: 27.0%

Summary

IBM Safer Payments can be crashed by sending specially crafted API calls. This vulnerability has been addressed.

Vulnerability Details

CVEID: CVE-2020-4729
DESCRIPTION: IBM Counter Fraud Management for Safer Payments could allow an authenticated attacker under special circumstances to send multiple specially crafted API requests that could cause the application to crash.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188052 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s): IBM Safer Payments

Version(s): 5.7.0.00 - 5.7.0.10, 6.0.0.00 - 6.0.0.07, 6.1.0.00 - 6.1.0.05, and 6.2.0.00 - 6.2.1.00

Remediation/Fixes

Update IBM Safer Payments to version 5.7.0.11, 6.0.0.08, 6.1.0.06, 6.2.1.01 or higher.

Refer to the IBM Safer Payments documentation to download the updates.
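To triage an inventory against the affected ranges and fixed versions listed above, the following added example (not part of IBM's bulletin or product) classifies each reported version. It assumes versions are reported as four dot-separated numeric components, as written in this bulletin; the host names in the sample inventory are constructed placeholders.

```python
import re

# Affected ranges and first fixed versions, copied from this bulletin.
AFFECTED = [
    ("5.7.0.00", "5.7.0.10", "5.7.0.11"),
    ("6.0.0.00", "6.0.0.07", "6.0.0.08"),
    ("6.1.0.00", "6.1.0.05", "6.1.0.06"),
    ("6.2.0.00", "6.2.1.00", "6.2.1.01"),
]

_VERSION = re.compile(r"\d+(\.\d+){3}")

def parse(version):
    """Turn '6.2.1.00' into (6, 2, 1, 0); reject any other shape."""
    version = version.strip()
    if not _VERSION.fullmatch(version):
        raise ValueError(f"unexpected version format: {version!r}")
    return tuple(int(part) for part in version.split("."))

def triage(version):
    """Return ('affected', fix), ('not-listed', None) or ('invalid', None).

    'not-listed' covers fixed releases and releases the bulletin does not
    mention; it is not a statement that an unlisted release is safe.
    """
    try:
        v = parse(version)
    except ValueError:
        return ("invalid", None)
    for low, high, fix in AFFECTED:
        # Tuple comparison handles the 6.2 range, which spans
        # 6.2.0.x through 6.2.1.00.
        if parse(low) <= v <= parse(high):
            return ("affected", fix)
    return ("not-listed", None)

def report(inventory):
    """Map host -> triage result for a {host: version} inventory."""
    return {host: triage(ver) for host, ver in inventory.items()}

if __name__ == "__main__":
    # Constructed inventory; host names are placeholders.
    sample = {"sp-prod-1": "6.2.0.03", "sp-prod-2": "6.1.0.06",
              "sp-test-1": "5.7.0.10", "sp-test-2": "6.2.1"}
    for host, (status, fix) in report(sample).items():
        print(host, status, f"upgrade to {fix} or higher" if fix else "")
```

Hosts reported as `invalid` need a manual check, since a truncated or reformatted version string cannot be matched against the ranges.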

Workarounds and Mitigations

Revoke the privilege to execute that maintenance function from all user accounts.

Affected configurations

Vulners
Node
ibm safer_payments Match 5.7
OR
ibm safer_payments Match 6.0
OR
ibm safer_payments Match 6.1
OR
ibm safer_payments Match 6.2
