Lucene search

K
ibmIBM4CA0C5A39CDF0A6C145F40C0D734FEA846B14FA988249228B6F0344FB0D8ED97
HistoryJan 12, 2021 - 10:48 a.m.

Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities

2021-01-1210:48:57
www.ibm.com
9

EPSS

0.059

Percentile

93.5%

Summary

IBM Security Privileged Identity Manager has addressed an issue for NTP as follows.

Vulnerability Details

CVEID:CVE-2020-11868
**DESCRIPTION:**NTP is vulnerable to a denial of service, caused by a flaw in ntpd. By sending a server mode packet with a spoofed source IP address, a remote attacker could exploit this vulnerability to block unauthenticated synchronization resulting in a denial of service condition.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/180011 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2020-13817
**DESCRIPTION:**NTP is vulnerable to a denial of service, caused by an issue when relying on unauthenticated IPv4 time sources in ntpd. By predicting transmit timestamps for use in spoofed packets, a remote attacker could exploit this vulnerability to cause the daemon to crash or system time change.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/183494 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
ISPIM 2.1.1

Remediation/Fixes

Affected Product(s) Version(s) Remediation
ISPIM 2.1.1 2.1.1-ISS-ISPIM-VA-FP0006

Workarounds and Mitigations

None