Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMF8732F8B619750994489E8E07BA6DD25B4222059F1471A057A51189D73EF1CDE
HistoryApr 06, 2021 - 9:56 a.m.

Security Bulletin: IBM Network Performance Insight 1.3.1 was affected by CVE-2020-17516 in Apache Cassandra.

2021-04-0609:56:35
www.ibm.com
8

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON

Summary

IBM Network Performance Insight 1.3.1 was affected by CVE-2020-17516 in Apache Cassandra.

Vulnerability Details

CVEID:CVE-2020-17516
**DESCRIPTION:**Apache Cassandra could allow a remote attacker to bypass security restrictions, caused by not enforcing encryption setting on inbound internode connections. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass mutual TLS requirement.
CVSS Base score: 9.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196036 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Network Performance Insight 1.3.1

Remediation/Fixes

To resolve the CVE-2020-17516 IBM Network Performance Insight fix pack 1.3.1.0-TIV-NPI-IF0003.2 updated with upgraded cassandra with version cassandra-3.11.10-1.noarch.rpm

Fix Pack (IBM Network Performance Insight fix pack 1.3.1.0-TIV-NPI-IF0003.2) is available to download at following link:

http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FNetwork+Performance+Insight&fixids=1.3.1.0-TIV-NPI-IF0003.2&source=SAR

Readme file contains upgrade instructions:

http://www.ibm.com/support/fixcentral/quickorder?product=ibm%2FTivoli%2FNetwork+Performance+Insight&fixids=1.3.1.0-TIV-NPI-IF0003.2.README&source=SAR

Workarounds and Mitigations

None

CPENameOperatorVersion
netcool operations insighteq1.3.6

Related

photon 8
osv 2
cve 1
nessus 4
redhatcve 1
github 1
prion 1
veracode 1
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0359
2021-02-12 00:00:00
Important Photon OS Security Update - PHSA-2021-0003
2021-03-12 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0319
2021-02-17 00:00:00
osv
osv
Authentication Bypass in Apache Cassandra
2022-02-09 01:01:22
BIT-cassandra-2020-17516
2024-03-06 10:51:09
cve
cve
CVE-2020-17516
2021-02-03 17:15:00
nessus
nessus
Photon OS 4.0: Cassandra PHSA-2021-4.0-0003
2021-03-24 00:00:00
Photon OS 3.0: Cassandra PHSA-2021-3.0-0193
2021-02-14 00:00:00
Photon OS 2.0: Cassandra PHSA-2021-2.0-0319
2021-02-23 00:00:00
redhatcve
redhatcve
CVE-2020-17516
2021-02-02 13:56:32
github
github
Authentication Bypass in Apache Cassandra
2022-02-09 01:01:22
prion
prion
Design/Logic Flaw
2021-02-03 17:15:00
veracode
veracode
Man-in-the-Middle (MitM)
2021-02-04 07:28:50

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

JSON
Related for F8732F8B619750994489E8E07BA6DD25B4222059F1471A057A51189D73EF1CDE
photon8osv2cve1nessus4redhatcve1github1prion1veracode1