Mar 31, 2021 - 2:46 p.m.

Security Bulletin: IBM Cloud Transformation Advisor is affected by Node.js vulnerability

2021-03-31 14:46:14
www.ibm.com
8

EPSS: 0.009 (Low), Percentile: 82.9%

Summary

IBM Cloud Transformation Advisor has addressed the Node.js vulnerability CVE-2017-16086.

Vulnerability Details

**CVEID:** CVE-2017-16086
**DESCRIPTION:** The Node.js ua-parser module is vulnerable to a denial of service. By sending a specially crafted User-Agent header, a remote attacker could exploit this vulnerability to cause a ReDoS (Regular Expression Denial of Service) condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/136166 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Cloud Transformation Advisor | 2.4.0, 2.4.1 |

Remediation/Fixes

Upgrade to 2.4.2 or later.

IBM Cloud Transformation Advisor can be installed from the OperatorHub page in Red Hat OpenShift Container Platform, or locally by following this link.

Workarounds and Mitigations

None

| CPE | Name | Operator | Version |
| --- | --- | --- | --- |
| | ibm cloud transformation advisor | eq | 2.0 |
