Lucene search

K
ibmIBMD0B31273B5CAE7971F9FBEBC2F13E62ED0E72188BCE9AE7F9E483C591E4A9F50
HistoryJan 04, 2021 - 10:16 a.m.

Security Bulletin: A security vulnerability has been identified in PCRE, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2020-14155)

2021-01-0410:16:09
www.ibm.com
11

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

Summary

A security vulnerability has been disclosed in the pcre library libpcre, which is installed as part of IBM Tivoli Network Manager version 4.2. Information about this vulnerability has been published in a security bulletin.

Vulnerability Details

CVEID:CVE-2020-14155
**DESCRIPTION:**PCRE could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in libpcre. By sending a request with a large number, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/183499 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
ITNM 3.9
ITNM 4.1.x
ITNM 4.2.0

Remediation/Fixes

Affected Product(s) Version(s) Remediation
ITNM 3.9

Please contact support team and refer CVE-2020-14155

ITNM| 4.1.x|

Please contact support team and refer CVE-2020-14155

ITNM| 4.2.0|

Upgrade to ITNM 4.2 Fix Pack 11 (4.2.0.11), as per:

Download IBM Tivoli Network Manager 4.2 Fix Pack 11

Workarounds and Mitigations

None

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

Related for D0B31273B5CAE7971F9FBEBC2F13E62ED0E72188BCE9AE7F9E483C591E4A9F50