LiveActive security incident?Get immediate response
CVE Record

CVE-2020-4719: The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any hostname specified in the Cloud Even...

The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any hostname specified in the Cloud Event Management Webhook URL configuration definition. This could enable an authenticated user with admin authorization to create DNS query strings that are not hostnames. IBM X-Force ID: 187861.

MediumCVSS 4.9Not KEV-listedUpdated
Glexia's TakeAutomated analysismoderate

Security readout for executives and security teams

Plain-English summary

CVE-2020-4719 affects IBM Cloud APM 8.1.4. An authenticated administrator can make the server issue DNS lookups based on webhook URL configuration values, including crafted query strings that are not normal hostnames. This is not remotely exploitable by anonymous attackers, but it can create integrity risk inside environments where admin access is delegated or compromised.

Executive priority

Treat as a controlled but real platform risk. It is not an emergency internet-wide issue, but administrators should confirm exposure, reduce admin access, and follow IBM remediation guidance because the reported integrity impact is high.

Technical view

IBM Cloud APM 8.1.4 resolves hostnames supplied in Cloud Event Management Webhook URL definitions. The CVSS vector shows network reachability, low complexity, no user interaction, high privileges required, and high integrity impact. The public bundle does not identify a CWE or provide detailed remediation steps beyond IBM advisory references.

Likely exposure

Exposure is limited to organizations running IBM Cloud APM 8.1.4, especially where Cloud Event Management webhook configuration is enabled and multiple users have administrative authorization.

Exploitation context

The CVE is not listed in KEV, and the supplied sources do not claim active exploitation. Exploitation requires authenticated admin authorization, reducing broad external risk but increasing concern if admin accounts are compromised or loosely controlled.

Researcher notes

Key constraints are high privileges and IBM Cloud APM 8.1.4 specificity. The source bundle does not include exploit proof, CWE mapping, or detailed patch version data. Avoid assuming broader IBM monitoring products are affected without vendor confirmation.

Mitigation direction

  • Review IBM advisory 6417137 and X-Force 187861 for official remediation guidance.
  • Restrict IBM Cloud APM administrative access to trusted, necessary users only.
  • Audit Cloud Event Management webhook URL definitions for unexpected or malformed hostnames.
  • Monitor DNS queries originating from IBM Cloud APM servers for unusual patterns.
  • Apply any IBM-provided fix or supported upgrade path after change testing.

Validation and detection

  • Confirm whether IBM Cloud APM 8.1.4 is deployed in the environment.
  • Identify who can administer Cloud Event Management webhook URL configuration.
  • Review webhook definitions for values that are not legitimate hostnames.
  • Check DNS logs for unusual queries from affected APM servers.
  • Verify remediation status against the IBM support advisory.
Prepared
Confidence
medium
Sources
4

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2020-4719 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Medium
CVSS
4.9 (3.0)
Known Exploited
No
Published

Vector: CVSS:3.0/UI:N/PR:H/I:H/AV:N/A:N/S:U/C:N/AC:L/RL:O/RC:C/E:U

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
0Timeline events
0ADP providers
3Source links

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
4.9CVSS 3.0MediumCVSS:3.0/UI:N/PR:H/I:H/AV:N/A:N/S:U/C:N/AC:L/RL:O/RC:C/E:U1.23.6Primary CVE score

Vulnerability scoring details

Base CVSS 3.0 score

4.9Medium
CVSS 3.0 vector shape for CVE-2020-4719Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.0/UI:N/PR:H/I:H/AV:N/A:N/S:U/C:N/AC:L/RL:O/RC:C/E:U

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
IBMCloud APM8.1.4Listed
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.