Lucene search

K
ibmIBM6263612F623854B1816D51762475FAFCD97ADE651BE7280B16CBA8CD17414AF3
HistoryDec 15, 2020 - 6:47 p.m.

Security Bulletin: Version 12.18.4 of Node.js included in IBM Netcool Operations Insight 1.6.2.x has a security vulnerability

2020-12-1518:47:16
www.ibm.com
15

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

Summary

Security Bulletin: Version 12.18.4 of Node.js included in IBM Netcool Operations Insight 1.6.2.x has a security vulnerability

Vulnerability Details

CVEID:CVE-2020-8277
**DESCRIPTION:**Node.js is vulnerable to a denial of service. By getting the application to resolve a DNS record with a larger number of responses, an attacker could exploit this vulnerability to trigger a DNS request for a host of their choice resulting in a denial of service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/191755 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Cloud Event Management on IBM Cloud Private All

Remediation/Fixes

IBM Netcool Operations Insight 1.6.3 includes the fix for this vulnerability. Please see IBM Support to upgrade to Netcool Operations Insight 1.6.3: <https://www.ibm.com/support/pages/node/6221238&gt;

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm cloud event managementeq2.5.0

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

Related for 6263612F623854B1816D51762475FAFCD97ADE651BE7280B16CBA8CD17414AF3