Lucene search

IBM5204B440FE56828C39354BC5583A90255378B89C83164971027AE4B184A05B5F

HistoryJun 17, 2018 - 10:33 p.m.

Security Bulletin: A security vulnerability has been identified in NodeJS shipped with IBM Cloud Schematics (CVE-2017-14919)

2018-06-1722:33:37

www.ibm.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

Summary

A security vulnerability has been identified in NodeJS shipped with IBM Cloud Schematics (CVE-2017-14919)

Vulnerability Details

Title****
Security Bulletin: A security vulnerability has been identified in NodeJS shipped with IBM Cloud Schematics (CVE-2017-14919)

Summary

NodeJS is shipped as a component of IBM Cloud Schematics. Information about a security vulnerability affecting NodeJS** **has been published in a security bulletin.

Vulnerability Details

Please consult the security bulletin <https://nvd.nist.gov/vuln/detail/CVE-2017-14919> for vulnerability details and information about fixes.

Affected Products and Versions

Principal Product and Version(s)	Affected Supporting Product and Version
IBM Cloud Schematics

SaaS

| NodeJS

4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0

Reemediation/Fixes

Refer to the following security bulletins for vulnerability details and information about fixes addressed by NodeJS which is/are shipped with IBM Cloud Schematics.
<https://nvd.nist.gov/vuln/detail/CVE-2017-14919>

IBM Cloud Schematics was upgraded to NodeJS 6.11.5 on November, 23th 2017

Mitigation/Workarounds

- no migration required
- no workarounds available

Related Information (DCF will auto include the first 2 links below)

_IBM Secure Engineering Web Portal __
_IBM Product Security Incident Response Blog

CPENameOperatorVersion
ibm cloud schematicseqany

CPE	Name	Operator	Version
	ibm cloud schematics	eq	any

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

Related for 5204B440FE56828C39354BC5583A90255378B89C83164971027AE4B184A05B5F