Lucene search

IBMD224038BE1C5B28D93803F4019B326C9B17606EF82CD73FB95293E7CA7C36468

HistorySep 21, 2022 - 9:52 a.m.

Security Bulletin: A security vulnerability in Nodejs node-fetch affects IBM Cloud Pak for Multicloud Management Managed Services

2022-09-2109:52:04

www.ibm.com

node.js

node-fetch

ibm cloud pak

multicloud management

security vulnerability

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.004 Low

EPSS

Percentile

72.3%

JSON

Summary

Security Bulletin: A security vulnerability in Nodejs node-fetch affects IBM Cloud Pak for Multicloud Management Managed Services

Vulnerability Details

CVEID:CVE-2022-0235
**DESCRIPTION:**Node.js node-fetch could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when fetching a remote url with Cookie. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/217758 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

Affected Products and Versions

Affected Product(s)	Version(s)
IBM Cloud Pak for Multicloud Management Infrastructure Management	All

Remediation/Fixes

Upgrade to IBM Cloud Pak for Multicloud Management 2.3 Fix Pack 5 by following the instructions at <https://www.ibm.com/docs/en/cloud-paks/cp-management/2.3.x?topic=upgrade-upgrading-fix-pack-5>

Workarounds and Mitigations

None

Affected configurations

Vulners

Node

ibmcloud_pak_for_multicloud_managementMatch2.3.

CPENameOperatorVersion
ibm cloud pak for multicloud managementeq2.3.

CPE	Name	Operator	Version
	ibm cloud pak for multicloud management	eq	2.3.

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.004 Low

EPSS

Percentile

72.3%

JSON

Related for D224038BE1C5B28D93803F4019B326C9B17606EF82CD73FB95293E7CA7C36468