Is CAPM affected by this Linux library vulnerability: CVE-2020-0452

Article ID: 205924

Updated On:

Products

CA Infrastructure Management

CA Performance Management - Usage and Administration

DX NetOps

Issue/Introduction

Please confirm if CVE-2020-0452 affects CAPM.

[OS (Linux) and version of CAPM currently in operation]

 "Red Hat Enterprise Linux" 7.4 * AWS

[Vulnerability information]

Fixed version:

CVE: CVE-2020-0452

CWE: CWE-190 (integer overflow)

CVSSv3 base value: 9.8

CVSSv3 Parameters: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSSv2 base value:

CVSSv2 parameters:

Urgent judgment material: There is a possibility of an attack from a remote third party.

Conditions for successful attack: Libexif (library for parsing / editing / saving EXIF data) included in Red Hat Enterprise Linux etc. contains an integer overflow vulnerability.

Impact of successful attack: May affect system confidentiality / integrity / availability.

Countermeasures / Workaround: Formal countermeasures have been published by the vendor. Take appropriate measures by referring to the vendor information.

Information source:

-- https://access.redhat.com/errata/RHSA-2020:5393

-- https://access.redhat.com/errata/RHSA-2020:5394

-- https://access.redhat.com/errata/RHSA-2020:5395

-- https://access.redhat.com/errata/RHSA-2020:5396

-- https://access.redhat.com/errata/RHSA-2020:5402

-- https://access.redhat.com/security/cve/CVE-2020-0452

Cause

https://access.redhat.com/security/cve/cve-2020-0452

Environment

Release: 3.7.x

Release: 20.x

Component: IM Reporting / Admin / Configuration

Resolution

libexif is an OS-level library, and the vulnerability is remediated by the OS vendor:

https://access.redhat.com/errata/RHSA-2020:5402

There are no known issues in CAPM with updating this library.
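
One way to confirm on a CAPM host whether the installed libexif build already carries the vendor fix, as an added example that is not part of the article or any vendor tooling. It assumes the RPM package is named `libexif` and that the vendor records the CVE id in the package changelog; the function names and the sample changelog entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether the local libexif package includes the
# fix for CVE-2020-0452. Red Hat backports fixes, so comparing against
# upstream version numbers is misleading; the RPM changelog is checked.

CVE="CVE-2020-0452"
PKG="libexif"   # assumed RPM package name

# Constructed sample changelog text (not real package data).
SAMPLE_FIXED='* Mon Jan 01 2024 Example Packager <pkg@example.com> - 0.0.0-2
- Fix CVE-2020-0452
* Sun Jan 01 2023 Example Packager <pkg@example.com> - 0.0.0-1
- Initial build'
SAMPLE_UNFIXED='* Sun Jan 01 2023 Example Packager <pkg@example.com> - 0.0.0-1
- Initial build'

# Read changelog text on stdin; print "fixed" if it names the CVE id in
# $1 as a whole word, otherwise "update-needed".
classify_changelog() {
    if grep -qiw -- "$1"; then
        echo "fixed"
    else
        echo "update-needed"
    fi
}

# Query the local RPM database and classify the installed package.
check_host() {
    if ! command -v rpm >/dev/null 2>&1; then
        echo "rpm-not-available"
        return 0
    fi
    if ! rpm -q "$PKG" >/dev/null 2>&1; then
        # Library absent: nothing on this host to patch.
        echo "not-installed"
        return 0
    fi
    rpm -q --changelog "$PKG" | classify_changelog "$CVE"
}

echo "$PKG / $CVE: $(check_host)"
```

A result of `update-needed` means the OS vendor's libexif erratum has not yet been applied to the host.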