8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
Buffer overflow in the Google V8 Javascript implementation used by IBM SDK for Node.js
CVEID: CVE-2016-1669**
DESCRIPTION:** Google Chrome is vulnerable to a buffer overflow, caused by an error in V8. By persuading a victim to visit a specially-crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base Score: 6.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/113145> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
These vulnerabilities affect IBM SDK for Node.js v1.1.1.2 and previous releases.
These vulnerabilities affect IBM SDK for Node.js v1.2.0.13 and previous releases.
These vulnerabilities affect IBM SDK for Node.js v4.4.5.0 and previous releases.
These vulnerabilities affect IBM SDK for Node.js v6.1.0.0 and previous releases.
The fixes for these vulnerabilities are included in IBM SDK for Node.js v1.1.1.3 and subsequent releases.
The fixes for these vulnerabilities are included in IBM SDK for Node.js v1.2.0.14 and subsequent releases.
The fixes for these vulnerabilities are included in IBM SDK for Node.js v4.4.6.0 and subsequent releases.
The fixes for these vulnerabilities are included in IBM SDK for Node.js v6.2.0.0 and subsequent releases.
IBM SDK for Node.js can be downloaded, subject to the terms of the developerWorks license, from here.
IBM customers requiring an update for an SDK shipped with an IBM product should contact IBM support, and/or refer to the appropriate product security bulletin.
CPE | Name | Operator | Version |
---|---|---|---|
ibm sdk for node.js | eq | 1.1 | |
ibm sdk for node.js | eq | 1.2 | |
ibm sdk for node.js | eq | 4.0 | |
ibm sdk for node.js | eq | 6.0 |
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C