Authorization

The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any hostname specified in the Cloud Event Management Webhook URL configuration definition. This could enable an authenticated user with admin authorization to create DNS query strings that are not hostnames. IBM X-Force ID: 187861...

Security Bulletin: Version 6.4.6 of Node.js module nodemailer included in IBM Netcool Operations Insight 1.6.2.x has a security vulnerability

Summary Security Bulletin: Version 6.4.6 of Node.js module nodemailer included in IBM Netcool Operations Insight 1.6.2.x has a security vulnerability Vulnerability Details CVEID: CVE-2020-7769 DESCRIPTION: Nodejs could allow a remote attacker to execute arbitrary commands on the system, caused by...

Security Bulletin: Version 12.18.0 of Node.js included in IBM Netcool Operations Insight 1.6.2.x has several security vulnerabilities

Summary Security Bulletin: Version 12.18.0 of Node.js included in IBM Netcool Operations Insight 1.6.2.x has several security vulnerabilities Vulnerability Details CVEID: CVE-2020-8251 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by delayed unfinished HTTP/1.1 requests...

Security Bulletin: Version 5.0.5 of Redis included in IBM Netcool Operations Insight 1.6.1.x has a security vulnerability (CVE-2020-14147)

Summary Security Bulletin: Version 5.0.5 of Redis included in IBM Netcool Operations Insight 1.6.1.x has a security vulnerability Vulnerability Details CVEID: CVE-2020-14147 DESCRIPTION: Redis is vulnerable to a denial of service, caused by an integer overflow in the getnum function in luastruct....

Security Bulletin: Version 4.17.15 of Node.js module lodash included in IBM Netcool Operations Insight 1.6.1.x has a security vulnerability

Summary Security Bulletin: Version 4.17.15 of Node.js module lodash included in IBM Netcool Operations Insight 1.6.1.x has a security vulnerability Vulnerability Details Third Party Entry: 183560 DESCRIPTION: Node.js lodash module denial of service CVSS Base score: 7.5 CVSS Temporal Score: See:...

Security Bulletin: Version 10.16.3 of Node.js included in IBM Cloud Event Management 2.5.0 has several security vulnerabilities.

Summary Security Bulletin: Version 10.16.3 of Node.js included in IBM Cloud Event Management 2.5.0 has several security vulnerabilities. Vulnerability Details CVEID: CVE-2019-15605 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by a flaw when handling unusual Transfer-Encodi...

Security Bulletin: Version 10.16.3 of Node.js included in IBM Cloud Event Management 2.5.0 has several security vulnerabilities.

Summary Security Bulletin: Version 10.16.3 of Node.js included in IBM Cloud Event Management 2.5.0 has several security vulnerabilities. Vulnerability Details CVEID: CVE-2019-15606 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by an issue when HTTP...

Security Bulletin: Version 8.15.0 of Node.js included in IBM Cloud Event Management 2.3.0 has several security vulnerabilities.

Summary Security Bulletin: Version 8.15.0 of Node.js included in IBM Cloud Event Management 2.3.0 has several security vulnerabilities. Vulnerability Details CVE-ID: CVE-2019-9516 Description: Multiple vendors are vulnerable to a denial of service, caused by a 0-Length Headers Leak attack. By...

Security Bulletin: IBM Cloud Event Management is affected by a security vulnerability when using Microsoft Internet Explorer (CVE-2018-1365)

Summary IBM Cloud Event Management is affected by one or more security vulnerabilities. When using Internet Explorer, Cloud Event Management can be loaded in to an iframe that is not part of the Cloud Event Management system. If you do not load Cloud Event Management directly, your session might ...