#VU45827 Improper Authentication in Event Streams - CVE-2020-4662

Cybersecurity Help s.r.o.

Published: 2020-08-14 | Updated: 2020-08-21

Vulnerability identifier: #VU45827

Vulnerability risk: High

CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2020-4662

CWE-ID: CWE-287

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Event Streams
Client/Desktop applications / Other client software

Vendor: IBM Corporation

Description

The vulnerability allows a remote authenticated user to execute arbitrary code.

IBM Event Streams 10.0.0 could allow an authenticated user to perform tasks to a schema due to improper authentication validation. IBM X-Force ID: 186233.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Event Streams: 10.0.0

External links
https://exchange.xforce.ibmcloud.com/vulnerabilities/186233
https://www.ibm.com/support/pages/node/6259393

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Improper Authentication in IBM Event Streams