Vulnerability Details CVE-2020-4207
IBM Watson IoT Message Gateway 2.0.0.x, 5.0.0.0, 5.0.0.1, and 5.0.0.2 is vulnerable to a buffer overflow, caused by improper bounds checking when handling a failed HTTP request with specific content in the headers. By sending a specially crafted HTTP request, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. IBM X-Force ID: 174972.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.02
EPSS Ranking 82.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2020-4207
-
cpe:2.3:a:ibm:iot_messagesight:2.0.0.0
-
cpe:2.3:a:ibm:iot_messagesight:2.0.0.1
-
cpe:2.3:a:ibm:iot_messagesight:5.0.0.0
-
cpe:2.3:a:ibm:watson_iot_platform_-_message_gateway:5.0.0.1
-
cpe:2.3:o:linux:linux_kernel:-