Lucene search

IBMD11AB976F85F6CB2A151F18E4C7DCD45359DDB99578FE739D459AA7C71585CEB

HistoryAug 18, 2021 - 7:10 p.m.

Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring has applied security fixes for its use of Apache HttpClient

2021-08-1819:10:07

www.ibm.com

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

45.6%

JSON

Summary

IBM Cloud Pak for Multicloud Management Monitoring has applied security fixes for its use of Apache HttpClient.

Vulnerability Details

CVEID:CVE-2020-13956
**DESCRIPTION:**Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by the improper handling of malformed authority component in request URIs. By passing request URIs to the library as java.net.URI object, an attacker could exploit this vulnerability to pick the wrong target host for request execution.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189572 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Cloud Pak for Multicloud Management Monitoring	before 2.3 Fix Pack 1

Remediation/Fixes

Upgrade to IBM Cloud Pak for Multicloud Management 2.3 Fix Pack 1 by following the instructions in <https://www.ibm.com/docs/en/cloud-paks/cp-management/2.3.x?topic=installation-upgrade>

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm cloud pak for multicloud managementeq2.2
ibm cloud pak for multicloud managementeq2.3

CPE	Name	Operator	Version
	ibm cloud pak for multicloud management	eq	2.2
	ibm cloud pak for multicloud management	eq	2.3

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

45.6%

JSON

Related for D11AB976F85F6CB2A151F18E4C7DCD45359DDB99578FE739D459AA7C71585CEB