DNS Query Manipulation in IBM Cloud APM Server
CVE-2020-4719

4.9MEDIUM

Key Information:

Vendor
IBM
Status
Vendor
CVE Published:
2 March 2021

Summary

The IBM Cloud APM 8.1.4 server is susceptible to a vulnerability where it processes DNS requests for any hostname specified in the Cloud Event Management Webhook URL configuration. This issue allows an authenticated user with admin privileges to create DNS query strings that do not correspond to valid hostnames, potentially leading to further security implications. Proper validation measures should be enforced to mitigate the risk associated with untrusted inputs.

Affected Version(s)

Cloud APM 8.1.4

References

CVSS V3.1

Score:
4.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.