Lucene search

K
ibmIBM7FC5F5C8B99EF48BADCB33AFBD61D3D7F58680BACE18DF827944240D66A8BEEB
HistoryDec 20, 2019 - 8:47 a.m.

Security Bulletin: Netcool Operations Insight - Cloud Native Event Analytics is affected by an Apache Zookeeper vulnerability (CVE-2019-0201)

2019-12-2008:47:33
www.ibm.com
3

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

Summary

Netcool Operations Insight - Cloud Native Event Analytics has addressed the following vulnerability in Apache ZooKeeper.

Vulnerability Details

CVEID:CVE-2019-0201
**DESCRIPTION:**An issue is present in Apache ZooKeeper 1.0.0 to 3.4.13 and 3.5.0-alpha to 3.5.4-beta. ZooKeeper?s getACL() command doesn?t check any permission when retrieves the ACLs of the requested node and returns all information contained in the ACL Id field as plaintext string. DigestAuthenticationProvider overloads the Id field with the hash value that is used for user authentication. As a consequence, if Digest Authentication is in use, the unsalted hash value will be disclosed by getACL() request for unauthenticated or unprivileged users.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/161303 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
Netcool Operations Insight - Cloud Native Event Analytics 1.6.0

Remediation/Fixes

Upgrade Operations Insight to 1.6.0.1

<https://www.ibm.com/support/knowledgecenter/en/SSTPTP_1.6.0/com.ibm.netcool_ops.doc/soc/integration/concept/int_upgr_opsmg-icp.html&gt;

Workarounds and Mitigations

None

CPENameOperatorVersion
netcool operations insighteq1.6.0

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

Related for 7FC5F5C8B99EF48BADCB33AFBD61D3D7F58680BACE18DF827944240D66A8BEEB