Lucene search

IBM73B9C9A58161BBF31A6FE5E117E77AD152FFE9797D38D94774D9ACF4D6BF8C2B

HistoryMay 17, 2023 - 7:55 p.m.

Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Node.js (CVE-2022-0235,CVE-2020-15168)

2023-05-1719:55:11

www.ibm.com

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

72.0%

JSON

Summary

Multiple vulnerabilities in Node.js used by InfoSphere Information Server were addressed.

Vulnerability Details

CVEID:CVE-2022-0235
**DESCRIPTION:**Node.js node-fetch could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when fetching a remote url with Cookie. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217758 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

CVEID:CVE-2020-15168
**DESCRIPTION:**Node.js node-fetch module is vulnerable to a denial of service, caused by the failure to honor the size option after following a redirect. By using a specially-crafted file, a remote attacker could exploit this vulnerability to consume excessive resource on the system.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/188155 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s)	Version(s)
InfoSphere Information Server	11.7

Remediation/Fixes

Product	VRMF	APAR	Remediation
InfoSphere Information Server, InfoSphere Information Server on Cloud	11.7	DT195852	--Apply IBM InfoSphere Information Server version 11.7.1.0
--Apply InfoSphere Information Server version 11.7.1.4
--Apply InfoSphere Information Server 11.7.1.4 Service pack 1

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm infosphere information servereq11.7

CPE	Name	Operator	Version
	ibm infosphere information server	eq	11.7

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

72.0%

JSON

Related for 73B9C9A58161BBF31A6FE5E117E77AD152FFE9797D38D94774D9ACF4D6BF8C2B