Mar 19, 2022 - 4:17 a.m.

Security Bulletin: A vulnerability in Java SE affects IBM Control Center (CVE-2020-14781)

www.ibm.com

EPSS: 0.001 (Low), percentile 47.4%

Summary

Under certain circumstances, encrypted LDAP connections can be downgraded to unencrypted connections. The fix ensures that encrypted LDAP connections cannot be downgraded in this way.

Vulnerability Details

**CVEID:** CVE-2020-14781
**DESCRIPTION:** An unspecified vulnerability in Java SE related to the JNDI component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/190099 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

Affected Product(s) | Version(s)
---|---
IBM Control Center | 6.1.3
IBM Control Center | 6.2.0.0

Remediation/Fixes

Product | VRMF | iFix | Remediation
---|---|---|---
IBM Control Center | 6.1.3.0 | iFix12 | Fix Central - 6.1.3.0
IBM Control Center | 6.2.0.0 | iFix07 or later | Fix Central - 6.2.0.0

Workarounds and Mitigations

None