Lucene search

K
ibmIBMF4692B505BC9E264AA4E55EF77DDB690587AD3D9F6CAEEE155782770E30A551F
HistoryNov 09, 2021 - 6:08 p.m.

Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Services

2021-11-0918:08:04
www.ibm.com
10

EPSS

0.015

Percentile

87.1%

Summary

A security vulnerability in Node.js affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Services.

Vulnerability Details

CVEID:CVE-2021-22931
**DESCRIPTION:**Node.js could provide weaker than expected security, caused by missing input validation on hostnames returned by DNS servers. An attacker could exploit this vulnerability to cause output of wrong hostnames leading to Domain Hijacking and and injection vulnerabilities in applications using the library.
CVSS Base score: 5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207230 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Cloud Pak for Multicloud Management Infrastructure Management All

Remediation/Fixes

Upgrade to IBM Cloud Pak for Multicloud Management 2.3.x Fix Pack 2 by following the instructions at <https://www.ibm.com/docs/en/cloud-paks/cp-management/2.3.x?topic=upgrade-upgrading-fix-pack-2.&gt;

Workarounds and Mitigations

None