Lucene search

K
ibmIBM46CE56C60CF59C2CE96E832E3949D9036A709BD9A0B3F2E5A02B11F84C34294E
HistoryDec 20, 2019 - 8:47 a.m.

Security Bulletin: IBM Tivoli Netcool Impact is affected by a jQuery vulnerability (CVE-2019-11358)

2019-12-2008:47:33
www.ibm.com
33
ibm tivoli netcool
jquery vulnerability
cve-2019-11358
security bulletin
object.prototype pollution
cvss base score 6.1
apar ij17708

EPSS

0.024

Percentile

90.2%

Summary

IBM Tivoli Netcool Impact has addressed the following jQuery vulnerability.

Vulnerability Details

CVEID:CVE-2019-11358
**DESCRIPTION:**jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/159633 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Tivoli Netcool Impact 7.1.0 7.1.0.0~7.1.0.16

Remediation/Fixes

| VRMF| APAR| Remediation/First Fix
—|—|—|—
IBM Tivoli Netcool Impact 7.1.0| 7.1.0.17| IJ17708| IBM Tivoli Netcool Impact 7.1.0 FP17

Workarounds and Mitigations

| VRMF| APAR| Remediation/First Fix
—|—|—|—
IBM Tivoli Netcool Impact 7.1.0| 7.1.0.17| IJ17708| IBM Tivoli Netcool Impact 7.1.0 FP17