3.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
64.9%
IBM Security Privileged Identity Manager has addressed issues for dnsmasq as follows.
CVEID:CVE-2020-25684
**DESCRIPTION:**dnsmasq is vulnerable to dns cache poisoning, caused by the failure to validate the combination of address/port and the query-id fields of DNS request when accepting DNS responses. By using unsolicited DNS responses, an attacker could exploit this vulnerability to poison the DNS cache and redirect users to arbitrary sites. The vulnerability is known as DNSpooq.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/195081 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N)
CVEID:CVE-2020-25685
**DESCRIPTION:**dnsmasq is vulnerable to dns cache poisoning, caused by the use of a weak hashing algorithm (CRC32) when compiled without DNSSEC to validate DNS responses. By using unsolicited DNS responses, an attacker could exploit this vulnerability to poison the DNS cache and redirect users to arbitrary sites. The vulnerability is known as DNSpooq.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/195082 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N)
CVEID:CVE-2020-25686
**DESCRIPTION:**dnsmasq is vulnerable to dns cache poisoning, caused by the failure to check for an existing pending request for the same name. By performing a "Birthday Attack" scenario to forge replies, an attacker could exploit this vulnerability to poison the DNS cache and redirect users to arbitrary sites. The vulnerability is known as DNSpooq.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/195083 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
ISPIM | 2.1.1 |
Affected Product(s) | Version(s) | Remediation |
---|---|---|
ISPIM | 2.1.1 | 2.1.1-ISS-ISPIM-VA-FP0007 |
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm security privileged identity manager | eq | 2.1.1 |
3.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
64.9%