Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM399578D218F35FC9D6675721AF7C39D2DA55885F05A6050C33C7471B98FF567A
HistorySep 30, 2022 - 1:43 p.m.

Security Bulletin: Vulnerability in the Node.js jose module affects IBM Event Streams (CVE-2022-36083)

2022-09-3013:43:41
www.ibm.com
14

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

40.9%

JSON

Summary

This security vulnerability affects the Node.js jose module that is used by IBM Event Streams.

Vulnerability Details

CVEID:CVE-2022-36083
**DESCRIPTION:**Node.js jose module is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted request using the p2c JOSE Header Parameter, a remote attacker could exploit this vulnerability to consume unreasonable amount of CPU time, and results in a denial of service condition.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/235579 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Event Streams

10.0.0, 10.1.0, 10.2.0-eus, 10.2.1-eus, 10.3.0, 10.3.1, 10.4.0, 10.5.0, 11.0.0, 11.0.1, 11.0.2, 11.0.3

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading

Upgrade to IBM Event Streams 11.0.4 by following the upgrading and migrating documentation.

Workarounds and Mitigations

None

Related

prion 1
osv 2
github 1
ubuntucve 1
ibm 4
veracode 1
debiancve 1
cve 1
prion
prion
Default credentials
2022-09-07 22:15:00
osv
osv
JOSE vulnerable to resource exhaustion via specifically crafted JWE
2022-09-16 17:44:42
CVE-2022-36083
2022-09-07 22:15:08
github
github
JOSE vulnerable to resource exhaustion via specifically crafted JWE
2022-09-16 17:44:42
ubuntucve
ubuntucve
CVE-2022-36083
2022-09-07 00:00:00
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to denial of service due to CVE-2022-36083
2022-11-04 18:26:34
Security Bulletin: For IBM Cloudpak for Watson AIOPS 3.5.1
2022-11-23 22:42:31
Security Bulletin: Netcool Operations Insights 1.6.10 addresses multiple security vulnerabilities.
2023-09-27 21:11:57
veracode
veracode
Denial Of Service (DoS)
2022-09-08 04:54:17
debiancve
debiancve
CVE-2022-36083
2022-09-07 22:15:00
cve
cve
CVE-2022-36083
2022-09-07 22:15:00

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

40.9%

JSON
Related for 399578D218F35FC9D6675721AF7C39D2DA55885F05A6050C33C7471B98FF567A
prion1osv2github1ubuntucve1ibm4veracode1debiancve1cve1