IBM Edge Application Manager 4.5 has resolved the vulnerability.
**IBM X-Force ID:** 239925
**DESCRIPTION:** Apollo GraphQL Apollo Server is vulnerable to web cache poisoning, caused by improper handling of the cache-control response header. By modifying HTTP request headers, an attacker could exploit this vulnerability to perform cache poisoning attacks.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239925 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Edge Application Manager | 4.4 |
IBM Edge Application Manager | 4.3 |
The fix/upgrade is a set of Docker images that will automatically be pulled and deployed from both Docker Hub and the IBM Entitled Registry.
None
CPE | Name | Operator | Version |
---|---|---|---|
ibm edge application manager | eq | 4.3 |
ibm edge application manager | eq | 4.4 |