IBM0AA7AF851AA6413E5F9270BBA1DA5FE9C7A85B8DBD51BD1E45D6B1B2CD61EA14Security Bulletin: A vulnerability in Node.js affects IBM Rational® Application Developer for WebSphere® Software (CVE-2024-36138)
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
9.5%
Summary
Node.js is used as runtime and SDK for Apache Cordova applications within IBM Rational® Application Developer for WebSphere® Software. Information about security vulnerabilities affecting Node.js has been published in a security bulletin.
Vulnerability Details
Refer to the security bulletin(s) listed in the Remediation/Fixes section
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| Rational Application Developer | 9.6 |
| Rational Application Developer | 9.7 |
Remediation/Fixes
IBM strongly recommends addressing the vulnerability now by upgrading to Node.js latest-18.x, please follow Upgrading the Node.js that is used by Cordova or NodeRed to upgrade.
Workarounds and Mitigations
None
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ibm | rational_application_developer_for_websphere_software | 9.6 | cpe:2.3:a:ibm:rational_application_developer_for_websphere_software:9.6:*:*:*:*:*:*:* |
| ibm | rational_application_developer_for_websphere_software | 9.7 | cpe:2.3:a:ibm:rational_application_developer_for_websphere_software:9.7:*:*:*:*:*:*:* |
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
9.5%