Lucene search

K
ibmIBM21B02D18E32F09D48FE92BC65E61A13FAD9D6B51E1A0378A86B22A2A397B5DD1
HistoryNov 29, 2023 - 10:28 p.m.

Security Bulletin: IBM Event Streams is affected by a vulnerability in Node.js (CVE-2023-32559)

2023-11-2922:28:49
www.ibm.com
10
ibm event streams
node.js
vulnerability
cve-2023-32559
upgrade

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.3%

Summary

This security vulnerability affects a required node.js module within IBM Event Streams UI component. (CVE-2023-32559)

Vulnerability Details

CVEID:CVE-2023-32559
**DESCRIPTION:**Node.js could allow a remote attacker to bypass security restrictions, caused by the use of the deprecated API process.binding(). By sending a specially crafted request, an attacker could exploit this vulnerability to bypass the permission policy mechanism.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/262902 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Event Streams 10.0.0-11.2.5

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading

IBM Event Streams (Continuous Delivery)

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmevent_streamsRange10.0.0โ‰ฅ
OR
ibmevent_streamsRangeโ‰ค11.2.5

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.3%