Aug 31, 2020 - 9:42 p.m.

Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities - OkHttp 3.x (CVE-2018-20200)

www.ibm.com

EPSS: 0.002 (Percentile: 60.9%)

Summary

CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application.

Vulnerability Details

**CVEID:** CVE-2018-20200
**DESCRIPTION:** DISPUTED CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle attackers to bypass certificate pinning by changing SSLContext and the boolean values while hooking the application. NOTE: This ID is disputed because some parties don't consider this to be a vulnerability. Their rationale can be found in <https://github.com/square/okhttp/issues/4967>.
CVSS Base score: 0
CVSS Vector:

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| Resilient OnPrem | IBM Security SOAR |

Remediation/Fixes

Users must upgrade to v38.0 of IBM Resilient in order to obtain a fix for this vulnerability.

You can upgrade the platform by following the instructions in the “Upgrade Procedure” section in the IBM Knowledge Center.

Workarounds and Mitigations

None
