Lucene search

IBM89EB8E65F59701841126171F6B7AAB18BFD4FF924FD7A5137B370BA70A4A7D13

HistoryDec 15, 2020 - 5:35 p.m.

Security Bulletin: A security vulnerability in Node.js bl module affects IBM Cloud Pak for Multicloud Management Managed Service.

2020-12-1517:35:27

www.ibm.com

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

JSON

Summary

A security vulnerability in Node.js bl module affects IBM Cloud Pak for Multicloud Management Infrastructure Management Managed Service.

Vulnerability Details

CVEID:CVE-2020-8244
**DESCRIPTION:**Node.js bl module could allow a remote attacker to obtain sensitive information, caused by a buffer over-read flaw in the consume function. By sending a specially-crafted argument, an attacker could exploit this vulnerability to obtain sensitive information, or cause a denial of service condition.
CVSS Base score: 8.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/187518 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Cloud Pak for Multicloud Management Infrastructure Management	2.0
IBM Cloud Pak for Multicloud Management Infrastructure Management	2.1

Remediation/Fixes

Upgrade to IBM Cloud Pak for Multicloud Management 2.2 by following the instructions in https://www.ibm.com/support/knowledgecenter/en/SSFC4F_2.2.0/install/upgrade.html.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm cloud pak for multicloud managementeq2.2

CPE	Name	Operator	Version
	ibm cloud pak for multicloud management	eq	2.2

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

JSON

Related for 89EB8E65F59701841126171F6B7AAB18BFD4FF924FD7A5137B370BA70A4A7D13