Aug 04, 2021 - 5:40 p.m.

Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities (CVE-2020-25684, CVE-2020-25685, CVE-2020-25686)

2021-08-04 17:40:31
www.ibm.com

CVSS3: 3.7 Low
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS: 0.003 Low
Percentile: 64.9%

Summary

IBM Security Privileged Identity Manager has addressed issues for dnsmasq as follows.

Vulnerability Details

CVEID: CVE-2020-25684
**DESCRIPTION:** dnsmasq is vulnerable to DNS cache poisoning, caused by the failure to validate the combination of address/port and the query-id fields of a DNS request when accepting DNS responses. By using unsolicited DNS responses, an attacker could exploit this vulnerability to poison the DNS cache and redirect users to arbitrary sites. The vulnerability is known as DNSpooq.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/195081 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N)

CVEID: CVE-2020-25685
**DESCRIPTION:** dnsmasq is vulnerable to DNS cache poisoning, caused by the use of a weak hashing algorithm (CRC32) when compiled without DNSSEC to validate DNS responses. By using unsolicited DNS responses, an attacker could exploit this vulnerability to poison the DNS cache and redirect users to arbitrary sites. The vulnerability is known as DNSpooq.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/195082 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N)

CVEID: CVE-2020-25686
**DESCRIPTION:** dnsmasq is vulnerable to DNS cache poisoning, caused by the failure to check for an existing pending request for the same name. By performing a "Birthday Attack" scenario to forge replies, an attacker could exploit this vulnerability to poison the DNS cache and redirect users to arbitrary sites. The vulnerability is known as DNSpooq.
CVSS Base score: 4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/195083 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N)
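
The three root causes above map onto three checks a DNS forwarder makes before it caches a reply: the reply must match the upstream address, local port and query ID of a pending query; the question must be compared in full rather than by a short hash; and a second query for a name already in flight must not be sent. The sketch below is an added example, not IBM or dnsmasq code; `parse_question`, `PendingQueries` and `build` are hypothetical names, and the messages and addresses are constructed sample values.

```python
import struct

def parse_question(msg: bytes):
    """Return (txid, is_response, qname, qtype, qclass) for a one-question DNS message."""
    if len(msg) < 12:
        raise ValueError("short header")
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n > 63 or pos + n > len(msg):  # also rejects compression pointers
            raise ValueError("bad label")
        labels.append(msg[pos:pos + n].lower())  # DNS names compare case-insensitively
        pos += n
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!HH", msg[pos:pos + 4])
    return txid, bool(flags & 0x8000), b".".join(labels), qtype, qclass

class PendingQueries:
    """Hypothetical forwarder state: one outstanding upstream query per question."""
    def __init__(self):
        self._pending = {}  # (qname, qtype, qclass) -> (txid, upstream, local_port)
    def register(self, query: bytes, upstream, local_port) -> bool:
        txid, _, *question = parse_question(query)
        if tuple(question) in self._pending:
            return False  # same name already in flight: wait for it, send nothing new
        self._pending[tuple(question)] = (txid, upstream, local_port)
        return True
    def accept(self, response: bytes, source, local_port) -> bool:
        try:
            txid, is_response, *question = parse_question(response)
        except ValueError:
            return False
        # Full question is the key (no hash); ID, source and socket must all match.
        if not is_response or self._pending.get(tuple(question)) != (txid, source, local_port):
            return False
        del self._pending[tuple(question)]  # one answer per query; replays are dropped
        return True

def build(txid, name, response=False):  # constructed sample messages, A/IN only
    qname = b"".join(bytes([len(l)]) + l for l in name.encode().split(b".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x8180 if response else 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)
```
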

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| ISPIM | 2.1.1 |

Remediation/Fixes

| Affected Product(s) | Version(s) | Remediation |
| --- | --- | --- |
| ISPIM | 2.1.1 | 2.1.1-ISS-ISPIM-VA-FP0007 |

Workarounds and Mitigations

None
