CNVD-2020-63943

Vulnerability from cnvd - Published: 2020-11-17
VLAI Severity ?
Title
IBM App Connect Enterprise点击劫持漏洞
Description
IBM App Connect Enterprise是美国IBM公司的一个操作系统。IBM App Connect Enterprise 将现有业界信任的IBM Integration Bus技术与IBM App Connect Professional以及新的云本机技术进行了组合,提供一个可满足现代数字企业全面集成需求的平台。 IBM App Connect Enterprise Certified Container多版本存在安全漏洞,远程攻击者可以利用此漏洞劫持受害者的点击动作,并可能对受害者进行进一步的攻击。
Severity
Patch Name
IBM App Connect Enterprise点击劫持漏洞的补丁
Patch Description
IBM App Connect Enterprise是美国IBM公司的一个操作系统。IBM App Connect Enterprise 将现有业界信任的IBM Integration Bus技术与IBM App Connect Professional以及新的云本机技术进行了组合,提供一个可满足现代数字企业全面集成需求的平台。 IBM App Connect Enterprise Certified Container多版本存在安全漏洞,远程攻击者可以利用此漏洞劫持受害者的点击动作,并可能对受害者进行进一步的攻击。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://www.ibm.com/support/pages/node/6357899

Reference
https://nvd.nist.gov/vuln/detail/CVE-2020-4785
Impacted products
Name
['IBM IBM App Connect Enterprise Certified Container 1.0.0', 'IBM IBM App Connect Enterprise Certified Container 1.0.1', 'IBM IBM App Connect Enterprise Certified Container 1.0.2', 'IBM IBM App Connect Enterprise Certified Container 1.0.3', 'IBM IBM App Connect Enterprise Certified Container 1.0.4']
Show details on source website
To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-4785",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-4785"
    }
  },
  "description": "IBM App Connect Enterprise\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u4e2a\u64cd\u4f5c\u7cfb\u7edf\u3002IBM App Connect Enterprise \u5c06\u73b0\u6709\u4e1a\u754c\u4fe1\u4efb\u7684IBM Integration Bus\u6280\u672f\u4e0eIBM App Connect Professional\u4ee5\u53ca\u65b0\u7684\u4e91\u672c\u673a\u6280\u672f\u8fdb\u884c\u4e86\u7ec4\u5408\uff0c\u63d0\u4f9b\u4e00\u4e2a\u53ef\u6ee1\u8db3\u73b0\u4ee3\u6570\u5b57\u4f01\u4e1a\u5168\u9762\u96c6\u6210\u9700\u6c42\u7684\u5e73\u53f0\u3002\n\nIBM App Connect Enterprise Certified Container\u591a\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6b64\u6f0f\u6d1e\u52ab\u6301\u53d7\u5bb3\u8005\u7684\u70b9\u51fb\u52a8\u4f5c\uff0c\u5e76\u53ef\u80fd\u5bf9\u53d7\u5bb3\u8005\u8fdb\u884c\u8fdb\u4e00\u6b65\u7684\u653b\u51fb\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.ibm.com/support/pages/node/6357899",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-63943",
  "openTime": "2020-11-17",
  "patchDescription": "IBM App Connect Enterprise\u662f\u7f8e\u56fdIBM\u516c\u53f8\u7684\u4e00\u4e2a\u64cd\u4f5c\u7cfb\u7edf\u3002IBM App Connect Enterprise \u5c06\u73b0\u6709\u4e1a\u754c\u4fe1\u4efb\u7684IBM Integration Bus\u6280\u672f\u4e0eIBM App Connect Professional\u4ee5\u53ca\u65b0\u7684\u4e91\u672c\u673a\u6280\u672f\u8fdb\u884c\u4e86\u7ec4\u5408\uff0c\u63d0\u4f9b\u4e00\u4e2a\u53ef\u6ee1\u8db3\u73b0\u4ee3\u6570\u5b57\u4f01\u4e1a\u5168\u9762\u96c6\u6210\u9700\u6c42\u7684\u5e73\u53f0\u3002\r\n\r\nIBM App Connect Enterprise Certified Container\u591a\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6b64\u6f0f\u6d1e\u52ab\u6301\u53d7\u5bb3\u8005\u7684\u70b9\u51fb\u52a8\u4f5c\uff0c\u5e76\u53ef\u80fd\u5bf9\u53d7\u5bb3\u8005\u8fdb\u884c\u8fdb\u4e00\u6b65\u7684\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "IBM App Connect Enterprise\u70b9\u51fb\u52ab\u6301\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "IBM IBM App Connect Enterprise Certified Container  1.0.0",
      "IBM IBM App Connect Enterprise Certified Container  1.0.1",
      "IBM IBM App Connect Enterprise Certified Container  1.0.2",
      "IBM IBM App Connect Enterprise Certified Container  1.0.3",
      "IBM IBM App Connect Enterprise Certified Container  1.0.4"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-4785",
  "serverity": "\u4e2d",
  "submitTime": "2020-11-09",
  "title": "IBM App Connect Enterprise\u70b9\u51fb\u52ab\u6301\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.