5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
Apache HttpClient is a component shipped with IBM Spectrum Scale Transparent Cloud Tiering. Information about security vulnerabilities affecting Apache HttpClient has been published. (CVE-2020-13956)
CVEID:CVE-2020-13956
**DESCRIPTION:**Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By passing request URIs to the library as java.net.URI object, an attacker could exploit this vulnerability to pick the wrong target host for request execution.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189572 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
gpfs.tct.server | 1.1.2 |
gpfs.tct.server | 1.1.6 |
gpfs.tct.client | 1.1.3 |
gpfs.tct.server | 1.1.1 |
gpfs.tct.server | 1.1.5 |
gpfs.tct.server | 1.1.7 |
gpfs.tct.server | 1.1.3 |
gpfs.tct.server | 1.1.8 |
For Transparent Cloud Tiering 1.1.1.0 thru 1.1.8.2, apply Transparent Cloud Tiering 1.1.8.3 bundled with IBM Spectrum Scale V5.1.0.1 available from FixCentral at:
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm spectrum scale | eq | 1.1.1.0 | |
ibm spectrum scale | eq | 1.1.8.2 |
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N