Jan 04, 2021 - 10:16 a.m.

Security Bulletin: A security vulnerability has been identified in PCRE, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2020-14155)

www.ibm.com
Keywords: pcre, ibm tivoli network manager, vulnerability, cve-2020-14155, integer overflow, remote attack, code execution, fix pack 11

EPSS: 0.007
Percentile: 80.4%

Summary

A security vulnerability has been disclosed in the PCRE library (libpcre), which is installed as part of IBM Tivoli Network Manager version 4.2. Information about this vulnerability has been published in a security bulletin.

Vulnerability Details

CVEID: CVE-2020-14155
DESCRIPTION: PCRE could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in libpcre. By sending a request with a large number, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/183499 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| ITNM | 3.9 |
| ITNM | 4.1.x |
| ITNM | 4.2.0 |

Remediation/Fixes

| Affected Product(s) | Version(s) | Remediation |
|---|---|---|
| ITNM | 3.9 | Please contact the support team and refer to CVE-2020-14155 |
| ITNM | 4.1.x | Please contact the support team and refer to CVE-2020-14155 |
| ITNM | 4.2.0 | Upgrade to ITNM 4.2 Fix Pack 11 (4.2.0.11), as per: Download IBM Tivoli Network Manager 4.2 Fix Pack 11 |

Workarounds and Mitigations

None