Lucene search
K

10 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/11/28 7:52 p.m.45 views

Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities in Node.js and Spring Data MongoDB

Summary IBM Planning Analytics Workspace is affected by vulnerabilties in Node.js and Spring Data MongoDB CVE-2022-32212, CVE-2022-32213, CVE-2022-32223, CVE-2022-32214, CVE-2022-32222, CVE-2022-32215, CVE-2022-22980 Vulnerability Details CVEID:CVE-2022-32212 DESCRIPTION: Node.js could allow a...

9.8CVSS8.7AI score0.77278EPSS
Exploits8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/02 9:54 a.m.50 views

Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow

Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Automation Workflow include a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID:CVE-2022-32222 DESCRIPTION: Node.js could allow a...

9.1CVSS8.7AI score0.77278EPSS
Exploits7Affected Software1
Tenable Nessus
Tenable Nessus
added 2022/10/03 12:0 a.m.149 views

Node.js 14.x < 14.20.1 / 16.x < 16.17.1 / 18.x < 18.9.1 Multiple Vulnerabilities (September 23rd 2022 Security Releases).

The version of Node.js installed on the remote host is prior to 14.20.1, 16.17.1, 18.9.1. It is, therefore, affected by multiple vulnerabilities as referenced in the September 23rd 2022 Security Releases advisory. - The fix for CVE-2022-32212, covered the cases for routable IP addresses, however,...

9.1CVSS8.1AI score0.68796EPSS
Exploits5References7
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/17 12:2 p.m.100 views

Security Bulletin: Multiple vulnerabilities in Node.js may affect IBM Spectrum Protect Plus (CVE-2022-32223, CVE-2022-32215, CVE-2022-33987, CVE-2022-32213, CVE-2022-32212, CVE-2022-32222, CVE-2022-32214)

Summary Vulnerabilities in Node.js such as elevation of privileges, HTTP request smuggling, bypassing security restrictions, and execution of arbitrary code may affect IBM Spectrum Protect Plus. Vulnerability Details CVEID:CVE-2022-32223 DESCRIPTION: Node.js could allow a local attacker to gain...

8.1CVSS8.3AI score0.77278EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/08/10 4:27 p.m.74 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities

Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities with details below Vulnerability Details CVEID:CVE-2022-32212 DESCRIPTION: Node.js could allow a remote attacker to execute arbitrary code on the system, caused by the...

8.1CVSS8.4AI score0.77278EPSS
Exploits5Affected Software2
Circl
Circl
added 2022/07/14 6:32 p.m.4 views

CVE-2022-32222

creationtimestamp| type| source ---|---|--- 2022-07-14 18:32:43+00:00| seen| https://t.me/cibsecurity/46247...

5.3CVSS6.5AI score0.0173EPSS
Exploits1References1
CVE
CVE
added 2022/07/14 12:0 a.m.179 views

CVE-2022-32222

CVE-2022-32222 affects Node.js on Linux, in the 18.x line prior to 18.40.0. The vulnerability stems from a default path for openssl.cnf that could become accessible to a non-admin user instead of /etc/ssl. The initial description does not quantify exploitation probability beyond access, but the p...

5.3CVSS5.1AI score0.0173EPSS
Exploits1References1Affected Software1
AlpineLinux
AlpineLinux
added 2022/07/14 12:0 a.m.101 views

CVE-2022-32222

A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3...

5.3CVSS5.3AI score0.0173EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/12 6:46 p.m.37 views

Security Bulletin: IBM Answer Retrieval for Watson Discovery is vulnerable to HTTP request smuggling due to NodeJS

Summary NodeJS is used by IBM Answer Retrieval for Watson Discovery. The fix upgrades to NodeJS 14.20.0 Vulnerability Details CVEID: CVE-2022-32212 DESCRIPTION: Node.js could allow a remote attacker to execute arbitrary code on the system, caused by the failure to properly check if an IP address ...

8.1CVSS0.9AI score0.77278EPSS
Exploits5Affected Software1
RedhatCVE
RedhatCVE
added 2022/07/08 7:17 p.m.32 views

CVE-2022-32222

A vulnerability was found in NodeJS. The issue occurs when Node.js starts on Linux based systems and attempts to read /home/iojs/build/ws/out/Release/obj.target/deps/openssl/openssl.cnf, which ordinarily does not exist. This flaw allows an attacker on some shared systems to create this file and...

5.3CVSS4AI score0.0173EPSS
Exploits1References4
Rows per page
Query Builder