CVE-2020-4719

Name of the Vulnerable Software and Affected Versions IBM Cloud APM version 8.1.4

Description The issue is related to the IBM Cloud APM server issuing a DNS request to resolve any hostname specified in the Cloud Event Management Webhook URL configuration definition. This could enable an authenticated user with admin authorization to create DNS query strings that are not hostnames, potentially allowing a remote attacker to impact the integrity of protected information.

Recommendations For IBM Cloud APM version 8.1.4, consider restricting access to the Cloud Event Management Webhook URL configuration definition to prevent authenticated users with admin authorization from creating malicious DNS query strings. As a temporary workaround, consider disabling the Webhook URL configuration definition until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.