Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMC2C7674EB9B444A6BE917D119B53EC20B078569B3260D13B52EA954EF1D0C361
HistoryMay 15, 2023 - 4:57 p.m.

Security Bulletin: Open Source Dependency Vulnerability

2023-05-1516:57:04
www.ibm.com
12
ibm edge application manager
json5
prototype pollution
remote code execution
docker
ibm entitled registry

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.006 Low

EPSS

Percentile

78.0%

JSON

Summary

IBM Edge Application Manager 4.5 has resolved the vulnerability.

Vulnerability Details

CVEID:CVE-2022-46175
**DESCRIPTION:**JSON5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the parse method. By adding or modifying properties of Object.prototype using a proto or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
CVSS Base score: 7.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/242965 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Edge Application Manager 4.4
IBM Edge Application Manager 4.3

Remediation/Fixes

The fix/upgrade is a set of docker images, that will automatically be pulled and deployed from both dockerhub and the IBM Entitled Registry.

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmedge_application_managerMatch4.3
OR
ibmedge_application_managerMatch4.4

Related

ibm 19
osv 4
openvas 3
nessus 12
cvelist 1
cve 1
fedora 1
debian 1
debiancve 1
prion 1
ubuntu 1
veracode 1
github 2
nvd 1
redhatcve 1
ubuntucve 1
redhat 9
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution due to [CVE-2022-46175]
2023-02-02 20:17:31
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Node.js json5
2023-01-30 18:18:39
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to JSON5 code execution (CVE-2022-46175)
2023-02-21 16:06:12
osv
osv
node-json5 - security update
2023-11-25 00:00:00
Prototype Pollution in JSON5 via Parse Method
2022-12-29 01:51:03
node-json5 vulnerability
2024-04-30 10:50:09
openvas
openvas
Fedora: Security Advisory for pgadmin4 (FEDORA-2023-e7297a4aeb)
2023-01-30 00:00:00
Ubuntu: Security Advisory (USN-6758-1)
2024-05-01 00:00:00
Debian: Security Advisory (DLA-3665-1)
2023-11-27 00:00:00
nessus
nessus
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : JSON5 vulnerability (USN-6758-1)
2024-04-30 00:00:00
Fedora 37 : pgadmin4 (2023-e7297a4aeb)
2023-01-29 00:00:00
Debian DLA-3665-1 : node-json5 - LTS security update
2023-11-25 00:00:00
cvelist
cvelist
CVE-2022-46175
2022-12-24 00:00:00
cve
cve
CVE-2022-46175
2022-12-24 04:15:08
fedora
fedora
[SECURITY] Fedora 37 Update: pgadmin4-6.19-1.fc37
2023-01-30 01:27:10
debian
debian
[SECURITY] [DLA 3665-1] node-json5 security update
2023-11-25 22:33:10
debiancve
debiancve
CVE-2022-46175
2022-12-24 04:15:08
prion
prion
Cross site scripting
2022-12-24 04:15:00
ubuntu
ubuntu
JSON5 vulnerability
2024-04-30 00:00:00
veracode
veracode
Prototype Pollution
2023-01-05 07:22:55
github
github
Prototype Pollution in JSON5 via Parse Method
2022-12-29 01:51:03
Private vulnerability reporting now generally available
2023-04-19 16:00:41
nvd
nvd
CVE-2022-46175
2022-12-24 04:15:08
redhatcve
redhatcve
CVE-2022-46175
2022-12-26 05:05:00
ubuntucve
ubuntucve
CVE-2022-46175
2022-12-24 00:00:00
redhat
redhat
(RHSA-2023:0634) Moderate: Red Hat OpenShift (Logging Subsystem) security update
2023-02-09 13:59:38
(RHSA-2023:1045) Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 9
2023-03-01 21:38:48
(RHSA-2023:1043) Important: Red Hat Single Sign-On 7.6.2 security update on RHEL 7
2023-03-01 21:38:43

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.006 Low

EPSS

Percentile

78.0%

JSON
Related for C2C7674EB9B444A6BE917D119B53EC20B078569B3260D13B52EA954EF1D0C361
ibm19osv4openvas3nessus12cvelist1cve1fedora1debian1debiancve1prion1ubuntu1veracode1github2nvd1redhatcve1ubuntucve1redhat9