10 matches found
Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities in Node.js and Spring Data MongoDB
Summary IBM Planning Analytics Workspace is affected by vulnerabilties in Node.js and Spring Data MongoDB CVE-2022-32212, CVE-2022-32213, CVE-2022-32223, CVE-2022-32214, CVE-2022-32222, CVE-2022-32215, CVE-2022-22980 Vulnerability Details CVEID:CVE-2022-32212 DESCRIPTION: Node.js could allow a...
Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow
Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Automation Workflow include a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID:CVE-2022-32222 DESCRIPTION: Node.js could allow a...
Node.js 14.x < 14.20.1 / 16.x < 16.17.1 / 18.x < 18.9.1 Multiple Vulnerabilities (September 23rd 2022 Security Releases).
The version of Node.js installed on the remote host is prior to 14.20.1, 16.17.1, 18.9.1. It is, therefore, affected by multiple vulnerabilities as referenced in the September 23rd 2022 Security Releases advisory. - The fix for CVE-2022-32212, covered the cases for routable IP addresses, however,...
Security Bulletin: Multiple vulnerabilities in Node.js may affect IBM Spectrum Protect Plus (CVE-2022-32223, CVE-2022-32215, CVE-2022-33987, CVE-2022-32213, CVE-2022-32212, CVE-2022-32222, CVE-2022-32214)
Summary Vulnerabilities in Node.js such as elevation of privileges, HTTP request smuggling, bypassing security restrictions, and execution of arbitrary code may affect IBM Spectrum Protect Plus. Vulnerability Details CVEID:CVE-2022-32223 DESCRIPTION: Node.js could allow a local attacker to gain...
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities
Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities with details below Vulnerability Details CVEID:CVE-2022-32212 DESCRIPTION: Node.js could allow a remote attacker to execute arbitrary code on the system, caused by the...
CVE-2022-32222
creationtimestamp| type| source ---|---|--- 2022-07-14 18:32:43+00:00| seen| https://t.me/cibsecurity/46247...
CVE-2022-32222
CVE-2022-32222 affects Node.js on Linux, in the 18.x line prior to 18.40.0. The vulnerability stems from a default path for openssl.cnf that could become accessible to a non-admin user instead of /etc/ssl. The initial description does not quantify exploitation probability beyond access, but the p...
CVE-2022-32222
A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3...
Security Bulletin: IBM Answer Retrieval for Watson Discovery is vulnerable to HTTP request smuggling due to NodeJS
Summary NodeJS is used by IBM Answer Retrieval for Watson Discovery. The fix upgrades to NodeJS 14.20.0 Vulnerability Details CVEID: CVE-2022-32212 DESCRIPTION: Node.js could allow a remote attacker to execute arbitrary code on the system, caused by the failure to properly check if an IP address ...
CVE-2022-32222
A vulnerability was found in NodeJS. The issue occurs when Node.js starts on Linux based systems and attempts to read /home/iojs/build/ws/out/Release/obj.target/deps/openssl/openssl.cnf, which ordinarily does not exist. This flaw allows an attacker on some shared systems to create this file and...