There is a Dojo vulnerability in IBM WebSphere Liberty that affects IBM WIoTP MessageGateway.
CVEID:CVE-2020-5258
**DESCRIPTION:**Dojo dojo could allow a remote attacker to inject arbitrary code on the system, caused by a prototype pollution flaw. By injecting other values, an attacker could exploit this vulnerability to overwrite, or pollute, a JavaScript application object prototype of the base object.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/177751 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM IoT MessageSight | 2.0 |
IBM WIoTP MessageGateway | 5.0.0.1 |
IBM IoT MessageSight | 5.0.0.0 |
Product
| VRMF| APAR| Remediation/First Fix
โ|โ|โ|โ
IBM WIoTP MessageGateway|
5.0.0.2
|
IT37191
| 5.0.0.2-IBM-IMA-IFIT37191
IBM MessageSight|
5.0.0.0
|
IT37191
| 5.0.0.0-IBM-IMA-IFIT37191
IBM MessageSight|
2.0.0.2
|
IT37191
None