Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM49C34992AFAE81FC539634C0829A132ADB4D8EDC35A9EBE2DCCAA56075DE4BB9
HistoryJul 08, 2021 - 8:26 p.m.

Security Bulletin: IBM InfoSphere Information Server is vulnerable to a denial of service vulnerability in Angular.js

2021-07-0820:26:47
www.ibm.com
18

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.006 Low

EPSS

Percentile

75.0%

JSON

Summary

A denial of service vulnerability in Angular.js used by IBM InfoSphere Information Analyzer was addressed.

Vulnerability Details

CVEID:CVE-2016-4055
**DESCRIPTION:**The Node.js moment module is vulnerable to a denial of service, caused by an error in the regular expression implementation. An attacker could exploit this vulnerability using a regular expression to cause the application to hang.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/112574 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
InfoSphere Information Server 11.7

Remediation/Fixes

Product VRMF APAR Remediation/First Fix
InfoSphere Information Analyzer, Information Server on Cloud 11.7 JR63476
--Apply InfoSphere Information Server version 11.7.1.0
--Apply InfoSphere Information Server version 11.7.1.0 Fix Pack 1
--Apply InfoSphere Information Server 11.7.1.1 Service Pack 2

For Red Hat 8 installations contact IBM Customer support

Contact Technical Support:

In the United States and Canada dial 1-800-IBM-SERV
View the support contacts for other countries outside of the United States.
Electronically open a Service Request with Information Server Technical Support.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm infosphere information servereqany

Related

github 1
debiancve 2
prion 2
osv 4
nodejs 1
ubuntucve 2
cve 2
openvas 2
nessus 4
ubuntu 1
redhatcve 1
atlassian 1
ibm 4
oracle 1
github
github
Regular Expression Denial of Service in moment
2017-10-24 18:33:35
debiancve
debiancve
CVE-2016-4055
2017-01-23 21:59:00
CVE-2017-18214
2018-03-04 21:29:00
prion
prion
Deserialization of untrusted data
2017-01-23 21:59:00
Design/Logic Flaw
2018-03-04 21:29:00
osv
osv
CVE-2016-4055
2017-01-23 21:59:01
Regular Expression Denial of Service in moment
2017-10-24 18:33:35
node-moment vulnerabilities
2021-03-15 21:04:13
nodejs
nodejs
Regular Expression Denial of Service
2015-10-26 23:19:57
ubuntucve
ubuntucve
CVE-2016-4055
2017-01-23 00:00:00
CVE-2017-18214
2018-03-04 00:00:00
cve
cve
CVE-2016-4055
2017-01-23 21:59:00
CVE-2017-18214
2018-03-04 21:29:00
openvas
openvas
Ubuntu: Security Advisory (USN-4786-1)
2023-01-27 00:00:00
Tenable Nessus < 8.3.0 Multiple Vulnerabilities (TNS-2019-02)
2019-04-02 00:00:00
nessus
nessus
Ubuntu 16.04 ESM : Moment.js vulnerabilities (USN-4786-1)
2023-10-23 00:00:00
Atlassian Jira < 8.20.9 / 8.22.0 (JRASERVER-73244)
2022-07-06 00:00:00
Tenable Nessus < 8.3.0 Multiple Vulnerabilities (TNS-2019-02)
2019-03-28 00:00:00
ubuntu
ubuntu
Moment.js vulnerabilities
2021-03-15 00:00:00
redhatcve
redhatcve
CVE-2017-18214
2018-03-08 20:19:26
atlassian
atlassian
Upgrade Moment.js to 2.22.1+ as required for CVE-2017-18214, CVE-2016-4055
2022-02-01 19:34:22
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE) (CVE-2017-18214, CVE-2016-4055, CVE-2021-20413)
2021-06-25 09:04:16
Security Bulletin: There is a vulnerability in moment.js used by IBM Jazz Reporting Service (CVE-2022-24785)
2023-10-04 10:43:28
Security Bulletin: IBM Planning Analytics Workspace is affected by multiple vulnerabilities (CVE-2022-22968, CVE-2022-24785, CVE-2017-18214, CVE-2016-4055, CVE-2018-1000613, CVE-2020-15522, CVE-2018-1000180, CVE-2020-26939, CVE-2022-22314)
2022-09-06 19:57:58
oracle
oracle
CPU July 2018
2018-07-17 00:00:00

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.006 Low

EPSS

Percentile

75.0%

JSON
Related for 49C34992AFAE81FC539634C0829A132ADB4D8EDC35A9EBE2DCCAA56075DE4BB9
github1debiancve2prion2osv4nodejs1ubuntucve2cve2openvas2nessus4ubuntu1redhatcve1atlassian1ibm4oracle1