Lucene search

K
ibm
IBMF77F8776E631C3F3AB45D4B3DA193D389C4D0CB247D373A2D329E3F086023871
HistoryNov 09, 2020 - 10:03 a.m.

Security Bulletin: Novalink is impacted by Vulnerability in Hibernate Validator affects WebSphere Application Server Liberty (CVE-2020-10693)

2020-11-0910:03:28
www.ibm.com
3

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

Summary

Novalink uses WebSphere Application Server Liberty. There is a Vulnerability in Hibernate Validator affects WebSphere Application Server Liberty

Vulnerability Details

CVEID:CVE-2020-10693
**DESCRIPTION:**Hibernate Hibernate Validator could allow a remote attacker to bypass security restrictions, caused by a flaw in the message interpolation processor. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass input sanitation controls when handling user-controlled data in error messages.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/182240 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
NovaLink 1.0.0.16

Remediation/Fixes

The recommended solution is to upgrade to Novalink version 1.0.0.16-201030-3693 or later

<http://public.dhe.ibm.com/systems/virtualization/Novalink/readme/NovaLink_1.0.0.16_readme.html&gt;

Workarounds and Mitigations

None

CPENameOperatorVersion
powervm novalinkeq1.0.0.16
Use Vulners API to create your own security tool

API usage cases
  • Network scanning
  • Linux Patch management
  • Threat protection
  • No network audit solution

Ways of integration

Integrate Vulners API

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

Related for F77F8776E631C3F3AB45D4B3DA193D389C4D0CB247D373A2D329E3F086023871