Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM4B4467FE51CE7A996C22E771DED2C57AD35896A2B4B452E030BB2F01DBD66620
HistorySep 20, 2021 - 11:31 a.m.

Security Bulletin: IBM App Connect Enterprise Certified Container Dashboards may be vulnerable to arbitrary code execution via CVE-2021-23440

2021-09-2011:31:44
www.ibm.com
9

0.064 Low

EPSS

Percentile

93.7%

JSON

Summary

IBM App Connect Enterprise Certified Container may be vulnerable to arbitrary code execution via CVE-2021-23440. This only affects App Connect Dashboards

Vulnerability Details

CVEID:CVE-2021-23440
**DESCRIPTION:**Nodejs set-value module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw. By adding or modifying properties of Object.prototype using a proto or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/209431 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
App Connect Enterprise Certified Container 1.0 with Operator
App Connect Enterprise Certified Container 1.1 with Operator
App Connect Enterprise Certified Container 1.2 with Operator

Remediation/Fixes

App Connect Enterprise Certified Container 1.0 and 1.2

Upgrade to App Connect Enterprise Certified Container Operator version 1.3.0 (available in CASE 1.3.0) or higher, and ensure that all Dashboard components are at 11.0.0.11-r2 or higher.

App Connect Enterprise Certified Container 1.1 LTS

Upgrade to App Connect Enterprise Certified Container Operator version 1.1.1 EUS (available in CASE 1.1.1) or higher, and ensure that all Dashboard components are at 11.0.0.12-r1-eus or higher.

Workarounds and Mitigations

None

Related

prion 1
osv 2
nvd 1
cve 1
veracode 1
ibm 9
github 1
cvelist 1
debiancve 1
redhatcve 1
ubuntucve 1
redhat 3
oracle 1
prion
prion
Type confusion
2021-09-12 13:15:00
osv
osv
Prototype Pollution in set-value
2021-09-13 20:09:36
CVE-2021-23440
2021-09-12 13:15:07
nvd
nvd
CVE-2021-23440
2021-09-12 13:15:07
cve
cve
CVE-2021-23440
2021-09-12 13:15:07
veracode
veracode
Prototype Pollution
2021-09-13 06:49:21
ibm
ibm
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js
2021-11-30 16:26:43
Security Bulletin: QRadar Deployment Intelligence App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2022-25881, CVE-2021-23440, CVE-2022-24785, CVE-2022-46175)
2023-06-06 20:02:06
Security Bulletin: IBM Storage Fusion and IBM Storage Fusion HCI may vulnerable to denial of service, spoofing attacks via dependent JavaScript libraries (CVE-2021-23440, CVE-2018-25031, CVE-2022-46175, CVE-2022-37599, CVE-2022-37603)
2023-08-29 21:45:05
github
github
Prototype Pollution in set-value
2021-09-13 20:09:36
cvelist
cvelist
CVE-2021-23440 Prototype Pollution
2021-09-12 00:00:00
debiancve
debiancve
CVE-2021-23440
2021-09-12 13:15:07
redhatcve
redhatcve
CVE-2021-23440
2021-09-16 15:05:30
ubuntucve
ubuntucve
CVE-2021-23440
2021-09-12 00:00:00
redhat
redhat
(RHSA-2021:3873) Important: Red Hat Advanced Cluster Management 2.2.9 security, bug, and container updates
2021-10-14 19:47:17
(RHSA-2022:6156) Important: Red Hat OpenShift Data Foundation 4.11.0 security, enhancement, & bugfix update
2022-08-24 13:44:13
(RHSA-2021:5038) Low: Red Hat Advanced Cluster Management 2.2.10 security updates and bug fixes
2021-12-08 21:27:56
oracle
oracle
Oracle Critical Patch Update Advisory - January 2022
2022-01-18 00:00:00

0.064 Low

EPSS

Percentile

93.7%

JSON
Related for 4B4467FE51CE7A996C22E771DED2C57AD35896A2B4B452E030BB2F01DBD66620
prion1osv2nvd1cve1veracode1ibm9github1cvelist1debiancve1redhatcve1ubuntucve1redhat3oracle1