Jun 11, 2024 - 8:00 p.m.

Security Bulletin: Vulnerabilities in axios affect IBM Voice Gateway

2024-06-11 20:00:04
www.ibm.com
Tags: ibm voice gateway, axios, node.js, vulnerability, denial of service, prototype pollution, upgrade

AI Score: 8.1 High (Confidence: High)

Summary

Security vulnerabilities in axios affect IBM Voice Gateway. The vulnerabilities have been addressed.

Vulnerability Details

**IBM X-Force ID:** 294242
**DESCRIPTION:** Node.js Axios module is vulnerable to a denial of service, caused by a prototype pollution in the formDataToJSON function. By adding or modifying properties of Object.prototype using a `__proto__` or constructor payload, an attacker could exploit this vulnerability to possibly execute arbitrary code or cause a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/294242 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
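
The kind of guard that closes this class of bug, as an added example (not IBM's or axios's code): a simplified converter from form field names to a nested object that rejects `__proto__`, `constructor` and `prototype` path segments. The function names and the sample field names are hypothetical and constructed for illustration.

```javascript
// Added illustration, not axios source. All names are hypothetical.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Split a field name such as "user[address][city]" or "user.name" into segments.
function parsePath(name) {
  return name.match(/[^.\[\]]+/g) || [];
}

// Build a nested object from [fieldName, value] pairs.
// Any field whose path touches a prototype-related key is skipped and reported.
function fieldsToObject(entries) {
  const root = Object.create(null); // null prototype: nothing inherited to walk into
  const rejected = [];
  for (const [name, value] of entries) {
    const path = parsePath(name);
    if (path.length === 0 || path.some((k) => BLOCKED_KEYS.has(k))) {
      rejected.push(name); // surface to logging or alerting
      continue;
    }
    let node = root;
    path.forEach((key, i) => {
      if (i === path.length - 1) {
        node[key] = value;
        return;
      }
      if (typeof node[key] !== 'object' || node[key] === null) {
        node[key] = Object.create(null);
      }
      node = node[key];
    });
  }
  return { data: root, rejected };
}

// Constructed sample input: two ordinary fields and two that target the prototype chain.
const sample = [
  ['user[name]', 'alice'],
  ['user[address][city]', 'Austin'],
  ['__proto__[polluted]', 'yes'],
  ['user[constructor][prototype][polluted]', 'yes'],
];

const result = fieldsToObject(sample);
console.log(JSON.stringify(result));
console.log('Object.prototype untouched:', ({}).polluted === undefined);
```

The `rejected` list is worth logging: a prototype-related segment in a form field name is rarely legitimate input.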

Affected Products and Versions

| Affected Product(s) | Version(s) |
|---|---|
| Voice Gateway | 1.0.7 |
| Voice Gateway | 1.0.6 |
| Voice Gateway | 1.0.2.4 |
| Voice Gateway | 1.0.4 |
| Voice Gateway | 1.0.7.1 |
| Voice Gateway | 1.0.2 |
| Voice Gateway | 1.0.8 |
| Voice Gateway | 1.0.5 |
| Voice Gateway | 1.0.3 |

Remediation/Fixes

IBM strongly suggests upgrading to the following IBM Voice Gateway 1.0.8.x images:

ibmcom/voice-gateway-mr:1.0.8.19

The above images can be found at the below links:
<https://hub.docker.com/r/ibmcom/voice-gateway-mr/tags>

Workarounds and Mitigations

None

Affected configurations

Vulners
Node: ibm datapower_gateway (Match: any)

| CPE | Name | Operator | Version |
|---|---|---|---|
| | ibm voice gateway | eq | any |