Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMB3D15A7A2A464AF33185A2A16F586216DFCC05945CFE85F63635A364CAD2F5B9
HistorySep 14, 2020 - 7:45 p.m.

Security Bulletin: Docker vulnerability affects IBM Spectrum Protect Plus (CVE-2020-13401)

2020-09-1419:45:53
www.ibm.com
12

6 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

JSON

Summary

Docker is vulnerable to a man-in-the-middle attack which could affect IBM Spectrum Protect Plus.

Vulnerability Details

CVEID:CVE-2020-13401
**DESCRIPTION:**Docker Docker CE is vulnerable to a man-in-the-middle attack, caused by improper validation of router advertisements. By sending rogue router advertisements, an attacker could exploit this vulnerability using man-in-the-middle techniques to gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system.
CVSS Base score: 6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/182750 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Spectrum Protect Plus 10.1.0-10.1.6

Remediation/Fixes

Spectrum Protect Plus Release First Fixing VRM Level Platform Link to Fix
10.1 10.1.6 ifix4 Linux <https://www.ibm.com/support/pages/node/6254732&gt;

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm spectrum protect pluseq10.1

Related

prion 1
nessus 13
githubexploit 1
ibm 7
openvas 10
osv 3
mageia 1
ubuntucve 1
debiancve 1
fedora 2
redhatcve 1
github 1
cve 1
alpinelinux 1
suse 1
debian 1
gentoo 1
veracode 1
amazon 1
oraclelinux 5
photon 2
prion
prion
Code injection
2020-06-02 14:15:00
nessus
nessus
GLSA-202008-15 : Docker: Information disclosure
2020-08-27 00:00:00
Amazon Linux AMI : docker (ALAS-2020-1376)
2020-06-04 00:00:00
SUSE SLES15 Security Update : containerd, docker, docker-runc, golang-github-docker-libnetwork (SUSE-SU-2020:1657-1)
2020-07-09 00:00:00
githubexploit
githubexploit
Exploit for Improper Input Validation in Docker Engine
2021-03-31 17:45:10
ibm
ibm
Security Bulletin: IBM Cloud Pak for Multicloud Management Managed Service Content Runtime is affected by an issue with Docker before 19.03.11.
2020-09-16 13:46:58
Security Bulletin: IBM Cloud Automation Manager is affected by an issue with Docker before 19.03.11.
2023-05-15 12:07:40
Security Bulletin: Vulnerability in Docker affects Cloud Pak Sytem (CVE-2020-13401)
2020-10-12 09:40:47
openvas
openvas
Mageia: Security Advisory (MGASA-2020-0279)
2022-01-28 00:00:00
Fedora: Security Advisory for moby-engine (FEDORA-2020-6d7deafd81)
2020-06-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:1657-1)
2021-06-09 00:00:00
osv
osv
CVE-2020-13401
2020-06-02 14:15:10
docker.io - security update
2020-07-02 00:00:00
Improper Input Validation in Docker Engine
2022-02-15 01:57:18
mageia
mageia
Updated docker packages fix security vulnerability
2020-07-05 18:53:52
ubuntucve
ubuntucve
CVE-2020-13401
2020-06-02 00:00:00
debiancve
debiancve
CVE-2020-13401
2020-06-02 14:15:00
fedora
fedora
[SECURITY] Fedora 32 Update: moby-engine-19.03.11-1.ce.git42e35e6.fc32
2020-06-19 01:05:16
[SECURITY] Fedora 31 Update: moby-engine-19.03.11-1.ce.git42e35e6.fc31
2020-06-19 01:07:27
redhatcve
redhatcve
CVE-2020-13401
2020-06-01 21:22:32
github
github
Improper Input Validation in Docker Engine
2022-02-15 01:57:18
cve
cve
CVE-2020-13401
2020-06-02 14:15:00
alpinelinux
alpinelinux
CVE-2020-13401
2020-06-02 14:15:00
suse
suse
Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (moderate)
2020-06-23 00:00:00
debian
debian
[SECURITY] [DSA 4716-1] docker.io security update
2020-07-02 18:41:07
gentoo
gentoo
Docker: Information disclosure
2020-08-26 00:00:00
veracode
veracode
Man-in-the-Middle (MitM)
2020-06-03 05:14:58
amazon
amazon
Important: docker
2020-05-29 21:52:00
oraclelinux
oraclelinux
docker-cli docker-engine security update
2020-06-24 00:00:00
docker-engine docker-cli security update
2020-06-12 00:00:00
docker-cli docker-engine security update
2020-08-24 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-5.0-0045
2023-07-05 00:00:00
Important Photon OS Security Update - PHSA-2023-5.0-0041
2023-06-29 00:00:00

6 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

JSON
Related for B3D15A7A2A464AF33185A2A16F586216DFCC05945CFE85F63635A364CAD2F5B9
prion1nessus13githubexploit1ibm7openvas10osv3mageia1ubuntucve1debiancve1fedora2redhatcve1github1cve1alpinelinux1suse1debian1gentoo1veracode1amazon1oraclelinux5photon2