3.9 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
6.9 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
10.4%
There are vulnerabilities in Node.js undici module used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs.
CVEID:CVE-2024-30261
**DESCRIPTION:**Node.js undici module could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw with fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect. By sending a specially crafted request, an attacker could exploit this vulnerability to allow fetch() accept requests as valid even if they have been tampered…
CVSS Base score: 2.6
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/287295 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N)
CVEID:CVE-2024-30260
**DESCRIPTION:**Node.js undici module could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw with not clear Authorization and Proxy-Authorization headers for undici.request(). By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVSS Base score: 3.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/287294 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L)
Affected Product(s) | Version(s) |
---|---|
Decision Optimization for Cloud Pak for Data | All |
Users are strongly encouraged to upgrade to IBM Decision Optimization for IBM Cloud Pak for Data 5.0 and subsequent releases.
Here is the detailed information on Upgrading IBM Cloud Pak for Data
None
CPE | Name | Operator | Version |
---|---|---|---|
decision optimization for cloud pak for data | eq | any |
3.9 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
6.9 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
10.4%