IBM Integration Bus has addressed the following vulnerabilities
CVEID:CVE-2017-1000381**
DESCRIPTION: *c-ares could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the ares_parse_naptr_reply() function when parsing NAPTR responses. By sending specially crafted DNS response packet, an attacker could exploit this vulnerability to read memory outside of the given input buffer and cause a denial of service.
CVSS Base Score: 6.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/128625 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
**
CVEID: CVE-2017-11499
DESCRIPTION: *Node.js is vulnerable to a denial of service, caused by a flaw related to constant HashTable seeds. A remote attacker could exploit this vulnerability to flood the hash and cause a denial of service.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/129465 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
IBM Integration Bus V10.0.0.0 - V10.0.0.9
Product
|
VRMF
|
APAR
|
Remediation / Fix
—|—|—|—
IBM Integration Bus| V10.0.0.0 to V10.0.0.9| APAR IT21763 | The APAR is available in fix pack 10.0.0.10
http://www-01.ibm.com/support/docview.wss?uid=swg24043943