IBM DataPower Gateways has addressed vulnerabilities in Node.js V8 processing that could cause a denial of service or remote code execution.
CVEID: CVE-2016-1669**
DESCRIPTION:** Node.js V8 processing is vulnerable to a buffer overflow, caused by an error in V8. By persuading a victim to visit a specially crafted website, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 6.3
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/113145 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
IBM DataPower Gateways appliances all supported versions through 7.0.0.14, 7.1.0.11, 7.2.0.8, 7.5.0.2, and 7.5.1.1.
Fix is available in versions 7.0.0.15, 7.1.0.12, 7.2.0.9, 7.5.0.3 and 7.5.1.2. Refer to APAR IT16279 for URLs to download the fix.
You should verify applying this fix does not cause any compatibility issues.
For DataPower customers using versions 6.x and earlier versions, IBM recommends upgrading to a fixed, supported version/release/platform of the product.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm datapower gateway | eq | 7.0.0 | |
ibm datapower gateway | eq | 7.1 | |
ibm datapower gateway | eq | 7.2 | |
ibm datapower gateway | eq | 7.5 | |
ibm datapower gateway | eq | 7.5.1 |