Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM788CB1749763BB436C537B622F7F389090B554212CC0789ECDA0BD897866629B
HistoryFeb 01, 2023 - 8:06 p.m.

Security Bulletin: Vulnerability in min-dash affects IBM Process Mining [CVE-2021-23460]

2023-02-0120:06:09
www.ibm.com
6
node.js
min-dash
remote attacker
arbitrary code execution
prototype pollution
ibm process mining
vulnerability
cve-2021-23460
security fixes
upgrade

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.007

Percentile

80.2%

JSON

Summary

There is a vulnerability in min-dash that could allow a remote attacker to execute arbitrary code on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. [CVE-2021-23460]

Vulnerability Details

CVEID:CVE-2021-23460
**DESCRIPTION:**Node.js min-dash module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution in the set method. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217757 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Process Mining 1.13.1

Remediation/Fixes

Remediation/Fixes guidance:

IBM strongly suggests the following:

Product(s) **Version(s) number and/or range ** Remediation/Fix/Instructions
IBM Process Mining 1.13.1

Upgrade to version 1.13.2

1.Login to PassPortAdvantage

2. Search for
M09PSML Process Mining 1.13.2 Server Multiplatform Multilingual

3. Download package

4. Follow install instructions

5. Repeat for M09PTML
Process Mining 1.13.2 Client Windows Multilingual

| |

Workarounds and Mitigations

None Known

Affected configurations

Vulners
Node
ibmcloud_pak_for_automationMatch1.13.1
VendorProductVersionCPE
ibmcloud_pak_for_automation1.13.1cpe:2.3:a:ibm:cloud_pak_for_automation:1.13.1:*:*:*:*:*:*:*

Related

nvd 1
veracode 1
osv 2
prion 1
cvelist 1
github 1
cve 1
nvd
nvd
CVE-2021-23460
2022-01-21 20:15:07
veracode
veracode
Prototype Pollution
2022-01-24 04:40:28
osv
osv
Prototype Pollution in min-dash
2022-01-27 14:21:53
CVE-2021-23460
2022-01-21 20:15:07
prion
prion
Design/Logic Flaw
2022-01-21 20:15:00
cvelist
cvelist
CVE-2021-23460 Prototype Pollution
2022-01-21 20:05:13
github
github
Prototype Pollution in min-dash
2022-01-27 14:21:53
cve
cve
CVE-2021-23460
2022-01-21 20:15:07

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.007

Percentile

80.2%

JSON
Related for 788CB1749763BB436C537B622F7F389090B554212CC0789ECDA0BD897866629B
nvd1veracode1osv2prion1cvelist1github1cve1