There is a vulnerability in Apache Commons Compress used by IBM® Cloud App Management V2018. IBM® Cloud App Management has addressed the applicable CVE in a later version.
CVEID: CVE-2018-11771 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by the failure to return the correct EOF indication after the end of the stream has been reached by the ZipArchiveInputStream method. By reading a specially crafted ZIP archive, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
CVSS Base Score: 3.1
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/148429> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)
IBM Cloud App Management V2018.2.0
IBM Cloud App Management V2018.4.0
IBM Cloud App Management V2018.4.1
IBM Cloud App Management V2018 was updated to use a later version of Apache Commons. Install IBM Cloud App Management V2019.2.0 to address these security vulnerabilities. IBM Cloud App Management V2019.2.0 is available on IBM Passport Advantage.
None