CVE-2020-4719
MEDIUMIBM Cloud APM 8.1.4 - DNS Query Injection via Webhook URL Configuration
Title source: manualDescription
The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any hostname specified in the Cloud Event Management Webhook URL configuration definition. This could enable an authenticated user with admin authorization to create DNS query strings that are not hostnames. IBM X-Force ID: 187861.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.ibm.com/support/pages/node/6417137
VDB Entry, Vendor Advisory vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/187861
Scores
CVSS v3
4.9
EPSS
0.0083
EPSS Percentile
52.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-706
Status
published
Products (1)
ibm/cloud_application_performance_management
8.1.4 (2 CPE variants)
Published
Mar 02, 2021
Tracked Since
Feb 18, 2026