CVE-2020-4719

MEDIUM

IBM Cloud APM 8.1.4 - SSRF

Title source: llm

Description

The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any hostname specified in the Cloud Event Management Webhook URL configuration definition. This could enable an authenticated user with admin authorization to create DNS query strings that are not hostnames. IBM X-Force ID: 187861.

References (2)

[Patch, Vendor Advisory] https://www.ibm.com/support/pages/node/6417137

[VDB Entry, Vendor Advisory] https://exchange.xforce.ibmcloud.com/vulnerabilities/187861

Scores

CVSS v3 4.9

EPSS 0.0014

EPSS Percentile 33.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-706

Status published

Products (1)

ibm/cloud_application_performance_management 8.1.4 (2 CPE variants)

Published Mar 02, 2021

Tracked Since Feb 18, 2026