Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMAAA1E7F7408D13B0908F8A20B8978B0936350FAEE4F29868B5F998116F3084A0
HistoryJun 22, 2020 - 3:47 p.m.

Security Bulletin: IBM API Connect V2018 (ova) is vulnerable to denial of service (CVE-2020-8551, CVE-2020-8552)

2020-06-2215:47:43
www.ibm.com
8

6.5 Medium

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

JSON

Summary

IBM API Connect has addressed the following vulnerabilities.

Vulnerability Details

CVEID:CVE-2020-8551
**DESCRIPTION:**Kubernetes kubelet API is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 4.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/178253 for the current score.
CVSS Vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID:CVE-2020-8552
**DESCRIPTION:**Kubernetes kube-apiserver is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted resource request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/178254 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
API Connect V2018.4.1.0-2018.4.1.10

Remediation/Fixes

Affected Product Addressed in VRMF APAR Remediation/First Fix

IBM API Connect

V2018.4.1.0-2018.4.1.10

| 2018.4.1.11| LI81564|

Addressed in IBM API Connect V2018.4.1.11.

All components are impacted. Only ova deployments are impacted.

Follow this link and find the packages for ova deployment.

http://www.ibm.com/support/fixcentral/swg/quickorder

Workarounds and Mitigations

None

Related

openvas 1
fedora 1
nessus 7
osv 4
debiancve 2
veracode 2
ubuntucve 2
cve 2
gitlab 3
redhatcve 2
github 2
redhat 7
prion 2
ibm 8
hackerone 1
photon 6
openvas
openvas
Fedora: Security Advisory for origin (FEDORA-2020-aeea04cd13)
2020-07-24 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: origin-3.11.2-1.fc32
2020-07-24 01:15:02
nessus
nessus
Fedora 32 : origin (2020-aeea04cd13)
2020-07-27 00:00:00
RHEL 7 / 8 : OpenShift Container Platform 4.2.29 openshift (RHSA-2020:1527)
2020-04-22 00:00:00
Photon OS 1.0: Kubernetes PHSA-2020-1.0-0289
2020-04-28 00:00:00
osv
osv
Kubernetes API Server DoS Via API Requests
2022-02-15 01:57:18
CVE-2020-8552
2020-03-27 15:15:12
CVE-2020-8551
2020-03-27 15:15:12
debiancve
debiancve
CVE-2020-8552
2020-03-27 15:15:00
CVE-2020-8551
2020-03-27 15:15:00
veracode
veracode
Denial Of Service (DoS)
2020-03-25 03:23:56
Denial Of Service (DoS)
2020-03-25 03:43:43
ubuntucve
ubuntucve
CVE-2020-8551
2020-03-27 00:00:00
CVE-2020-8552
2020-03-27 00:00:00
cve
cve
CVE-2020-8551
2020-03-27 15:15:00
CVE-2020-8552
2020-03-27 15:15:00
gitlab
gitlab
Allocation of Resources Without Limits or Throttling
2020-03-27 00:00:00
Allocation of Resources Without Limits or Throttling
2022-02-15 00:00:00
Allocation of Resources Without Limits or Throttling
2020-03-27 00:00:00
redhatcve
redhatcve
CVE-2020-8552
2020-03-23 23:01:24
CVE-2020-8551
2020-03-23 23:31:17
github
github
Kubernetes API Server DoS Via API Requests
2022-02-15 01:57:18
Allocation of Resources Without Limits or Throttling and Uncontrolled Memory Allocation in Kubernetes
2022-02-15 01:57:18
redhat
redhat
(RHSA-2020:1527) Moderate: OpenShift Container Platform 4.2.29 openshift security update
2020-04-22 04:46:35
(RHSA-2020:1526) Moderate: OpenShift Container Platform 4.2.29 openshift-enterprise-hyperkube-container security update
2020-04-22 04:40:28
(RHSA-2020:2306) Moderate: OpenShift Container Platform 4.2.34 ose-openshift-apiserver-container security update
2020-06-03 09:29:14
prion
prion
Design/Logic Flaw
2020-03-27 15:15:00
Code injection
2020-03-27 15:15:00
ibm
ibm
Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes API server security vulnerability (CVE-2020-8552)
2020-06-24 16:31:32
Security Bulletin: IBM Cloud Kubernetes Service is affected by a Kubernetes kubelet security vulnerability (CVE-2020-8551)
2020-07-16 17:04:08
Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes API server security vulnerabilities (CVE-2019-11254, CVE-2020-8552)
2020-04-30 15:31:00
hackerone
hackerone
Kubernetes: Kubelet resource exhaustion attack via metric label cardinality explosion from unauthenticated requests
2020-01-14 18:01:27
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0229
2020-04-14 00:00:00
Critical Photon OS Security Update - PHSA-2020-0229
2020-04-14 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0289
2020-04-21 00:00:00

6.5 Medium

CVSS3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

JSON
Related for AAA1E7F7408D13B0908F8A20B8978B0936350FAEE4F29868B5F998116F3084A0
openvas1fedora1nessus7osv4debiancve2veracode2ubuntucve2cve2gitlab3redhatcve2github2redhat7prion2ibm8hackerone1photon6