Lucene search
IBM5A92F226FB1AD5C0A26E79FEA7F5A169E0099442EF66208413981EB804ED87CDHistorySep 26, 2023 - 6:24 p.m.
Security Bulletin: semver-6.3.0.tgz is vulnerable to CVE-2022-25883 used in IBM Maximo Application Suite - Monitor Component
2023-09-2618:24:30
www.ibm.com
32
ibm maximo
monitor component
cve-2022-25883
semver
denial of service
0.001 Low
EPSS
Percentile
41.9%
Summary
IBM Maximo Application Suite - Monitor Component uses semver which is vulnerable to CVE-2022-25883.
Vulnerability Details
CVEID:CVE-2022-25883
**DESCRIPTION:**Node.js semver package is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the new Range function. By providing specially crafted regex input, a remote attacker could exploit this vulnerability to cause a denial of service.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/258647 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| IBM Maximo Application Suite - Monitor Component | 8.10 |
Remediation/Fixes
| Affected Product(s) | Fixpack Version(s) |
|---|---|
| IBM Maximo Application Suite - Monitor Component | 8.10.5 or latest (available from the Catalog under Update Available) |
Workarounds and Mitigations
None
| CPE | Name | Operator | Version |
|---|---|---|---|
| ibm maximo application suite | eq | 8.9 | |
| ibm maximo application suite | eq | 8.10 |
Related
nessus
nessus
RHEL 6 : nodejs-semver (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 7 : nodejs-semver (Unpatched Vulnerability)
2024-05-11 00:00:00
cvelist
cvelist
CVE-2022-25883
2023-06-21 05:00:03
ibm
ibm
debiancve
debiancve
CVE-2022-25883
2023-06-21 05:15:00
cbl_mariner
cbl_mariner
CVE-2022-25883 affecting package nodejs for versions less than 16.20.1-2
2023-08-03 02:51:21
CVE-2022-25883 affecting package nodejs18 for versions less than 18.16.0-3
2023-08-03 02:51:21
osv
osv
semver vulnerable to Regular Expression Denial of Service
2023-06-21 06:30:28
CVE-2022-25883
2023-06-21 05:15:09
Stylelint has vulnerability in semver dependency
2023-07-07 20:32:55
cve
cve
CVE-2022-25883
2023-06-21 05:15:00
github
github
semver vulnerable to Regular Expression Denial of Service
2023-06-21 06:30:28
Stylelint has vulnerability in semver dependency
2023-07-07 20:32:55
ubuntucve
ubuntucve
CVE-2022-25883
2023-06-21 00:00:00
cgr
cgr
CVE-2022-25883 vulnerabilities
2024-05-19 03:07:16
prion
prion
Code injection
2023-06-21 05:15:00
redhatcve
redhatcve
CVE-2022-25883
2023-07-12 14:35:38
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2023-06-29 11:12:31
redhat
redhat
oraclelinux
oraclelinux
nodejs:18 security, bug fix, and enhancement update
2023-09-28 00:00:00
nodejs:16 security, bug fix, and enhancement update
2023-09-28 00:00:00
nodejs:18 security, bug fix, and enhancement update
2023-10-05 00:00:00
almalinux
almalinux
Important: nodejs:18 security, bug fix, and enhancement update
2023-09-26 00:00:00
Important: nodejs:18 security, bug fix, and enhancement update
2023-09-26 00:00:00
Important: nodejs:16 security, bug fix, and enhancement update
2023-09-26 00:00:00
rocky
rocky
nodejs:18 security, bug fix, and enhancement update
2023-10-05 21:35:58
0.001 Low
EPSS
Percentile
41.9%
Related for 5A92F226FB1AD5C0A26E79FEA7F5A169E0099442EF66208413981EB804ED87CD