May 15, 2023 - 5:30 p.m.

Security Bulletin: Open Source Dependency Vulnerability

2023-05-15 17:30:49
www.ibm.com

Summary

IBM Edge Application Manager 4.5 has resolved the vulnerability.

Vulnerability Details

**IBM X-Force ID:** 239925
**DESCRIPTION:** Apollo GraphQL Apollo Server is vulnerable to web cache poisoning, caused by improper handling of the cache-control response header. By modifying HTTP request headers, an attacker could exploit this vulnerability to perform cache poisoning attacks.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/239925 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Edge Application Manager | 4.4 |
| IBM Edge Application Manager | 4.3 |

Remediation/Fixes

The fix/upgrade is a set of Docker images that will automatically be pulled and deployed from both Docker Hub and the IBM Entitled Registry.

Workarounds and Mitigations

None