Lucene search

K
ibmIBM9219A9C063FEA4685E7627D51A0B46A51FEACD0F96128695848E2E0E303C65E2
HistoryDec 05, 2022 - 7:00 p.m.

Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js denial of service vulnerability (CVE-2019-5737)

2022-12-0519:00:57
www.ibm.com
17
ibm cloud transformation advisor
node.js vulnerability
cve-2019-5737
denial of service

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.4

Confidence

High

EPSS

0.013

Percentile

86.4%

Summary

IBM Cloud Transformation Advisor has addressed the following vulnerability. Node.js denial of service vulnerability (CVE-2019-5737)

Vulnerability Details

**CVEID:*CVE-2019-5737 DESCRIPTION: Node.js is vulnerable to a denial of service. By establishing an HTTP or HTTPS connection in keep-alive mode and sending headers very slowly to force the connection and associated resources to stay alive for a long period of time, a remote attacker could exploit this vulnerability to consume all available resources.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/158093 for the current score
CVSS Environmental Score
: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

IBM Cloud Transformation Advisor Continuous Delivery

Remediation/Fixes

IBM Cloud Transformation Advisor

Upgrade to 1.9.6 or later

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmcloud_transformation_advisorMatchany
VendorProductVersionCPE
ibmcloud_transformation_advisoranycpe:2.3:a:ibm:cloud_transformation_advisor:any:*:*:*:*:*:*:*

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.4

Confidence

High

EPSS

0.013

Percentile

86.4%