Is CAPM affected by this Linux library vulnerability: CVE-2020-0452


Article ID: 205924


Updated On:


CA Infrastructure Management, CA Performance Management - Usage and Administration, DX NetOps


Please confirm if CVE-2020-0452 affects CAPM.


[OS (Linux) and version of CAPM currently in operation]

 "Red Hat Enterprise Linux" 7.4 * AWS


[Vulnerability information]

Fixed version:

CVE: CVE-2020-0452

CWE: CWE-190 (integer overflow)

CVSSv3 base value: 9.8

CVSSv3 Parameters: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSSv2 base value:

CVSSv2 parameters:

Urgent judgment material: There is a possibility of an attack from a remote third party.

Conditions for successful attack: Libexif (library for parsing / editing / saving EXIF data) included in Red Hat Enterprise Linux etc. contains an integer overflow vulnerability.

Impact of successful attack: May affect system confidentiality / integrity / availability.

Countermeasures / Workaround: Formal countermeasures have been published by the vendor. Take appropriate measures by referring to the vendor information.

Information source:









Release : 3.7.x

Release : 20.x

Component : IM Reporting / Admin / Configuration


This is an OS-level library, and it is remediated by the OS vendor:

There are no known issues in CAPM with updating this library.
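
One way to check a CAPM host for the vendor fix, as an added example that is not part of the original article: Red Hat backports security fixes without changing the upstream version number, so this script looks for the CVE id in the installed package's RPM changelog rather than comparing versions. The package name `libexif` and the sample changelog entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): look for a backported CVE fix in an
# installed RPM's changelog. Package name "libexif" is an assumption.

# Constructed changelog excerpts; dates, names and versions are placeholders.
sample_fixed() {
    cat <<'EOF'
* Mon Jan 04 2021 Example Packager <pkg@example.com> - 0.0.0-2
- Fix CVE-2020-0452 (constructed entry)
EOF
}
sample_unfixed() {
    cat <<'EOF'
* Mon Jan 06 2020 Example Packager <pkg@example.com> - 0.0.0-1
- Fix CVE-2020-04521 (constructed, different id with the same prefix)
EOF
}

# Succeeds if the changelog on stdin names the CVE id ($1) as a whole word.
# -F treats the id as a literal string; -w rejects longer ids sharing a prefix.
changelog_mentions_cve() {
    grep -qwF -- "$1"
}

# Prints no-rpm | not-installed | fixed | not-listed for package $1, CVE $2.
# "not-listed" means the changelog does not name the CVE, so check the vendor
# advisory; it is not proof that the package is vulnerable.
pkg_cve_status() {
    if ! command -v rpm >/dev/null 2>&1; then
        echo "no-rpm"
    elif ! rpm -q "$1" >/dev/null 2>&1; then
        echo "not-installed"
    elif rpm -q --changelog "$1" | changelog_mentions_cve "$2"; then
        echo "fixed"
    else
        echo "not-listed"
    fi
}

pkg_cve_status libexif CVE-2020-0452
```

Run it on the RHEL host itself; a result of `not-installed` means the library is not present on that system.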