Lucene search
+L

9 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2022/07/04 4:2 p.m.44 views

Security Bulletin: IBM Integration Bus and IBM App Connect Enterprise are vulnerable to arbitrary code execution due to async ( CVE-2021-43138) and nconf (CVE-2022-21803)

Summary IBM Integration Bus and IBM App Connect Enterprise are vulnerable to arbitrary code execution, due to the async CVE-2021-43138 and nconf CVE-2022-21803 modules for Node.js. A mitigation has been provided for IBM Integration Bus. The latest fix packs for IBM App Connect Enterprise includes...

7.8CVSS2.3AI score0.03346EPSS
Exploits2Affected Software2
RedHat Linux
RedHat Linux
added 2022/06/28 5:3 p.m.75 views

Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.3.11 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.3.11 general availability release images, which provide security updates and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a...

9.1CVSS8.9AI score0.05664EPSS
Exploits3References36
RedHat Linux
RedHat Linux
added 2022/06/27 7:32 p.m.65 views

Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.4.5 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.4.5 General Availability release images, which fix bugs and update container images. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a...

9.1CVSS6.8AI score0.05664EPSS
Exploits3References26
IBM Security Bulletins
IBM Security Bulletins
added 2022/05/26 3:4 p.m.42 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to code injection due to CVE-2022-21803

Summary Node.js module nconf is used by IBM App Connect Enterprise Certified Container operands for loading default configuration values. IBM App Connect Enterprise Certified Container IntegrationServer, Dashboard and Designer operands may be vulnerable to code injection if the configuration file...

7.5CVSS0.9AI score0.01753EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2022/05/05 4:52 a.m.78 views

Moderate: Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.3.10 security updates and bug fixes

Red Hat Advanced Cluster Management for Kubernetes 2.3.10 General Availability release images, which provide security updates and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a...

8.8CVSS7.3AI score0.05664EPSS
Exploits6References36
NVD
NVD
added 2022/04/12 4:15 p.m.23 views

CVE-2022-21803

This affects the package nconf before 0.11.4. When using the memory engine, it is possible to store a nested JSON representation of the configuration. The .set function, that is responsible for setting the configuration properties, is vulnerable to Prototype Pollution. By providing a crafted...

7.5CVSS0.01753EPSS
Exploits1References4
CVE
CVE
added 2022/04/12 3:20 p.m.163 views

CVE-2022-21803

CVE-2022-21803 affects Node.js nconf prior to 0.11.4. When using the memory engine, a crafted property can trigger prototype pollution by modifying Object.prototype via proto or constructor payloads, potentially enabling arbitrary code execution or a denial of service. A fix is available in nconf...

7.5CVSS7.1AI score0.01753EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/04/12 3:20 p.m.31 views

CVE-2022-21803 Prototype Pollution

This affects the package nconf before 0.11.4. When using the memory engine, it is possible to store a nested JSON representation of the configuration. The .set function, that is responsible for setting the configuration properties, is vulnerable to Prototype Pollution. By providing a crafted...

7.3CVSS7.1AI score0.01753EPSS
Exploits1References6
vulnersOsv
vulnersOsv
added 2022/02/07 5:3 p.m.5 views

7ghost (>=4.11.0 <=4.11.46), @absolunet/nwayo-workflow (>=3.6.0 <=3.8.2) +887 more potentially affected by CVE-2022-21803 via nconf (>=0.10.0 <=0.11.3)

nconf NPM version =0.10.0, =4.11.0, =3.6.0, =0.9.17, =0.3.0-SNAPSHOT.293, =2.6.0, =1.0.5-SNAPSHOT.105, =1.2.5, =2.0.4, =1.0.0, =3.2.1, =0.0.1, =1.0.0, =0.0.1-feature-5cf2ee-kaxka2d7, =2.3.0-feature-f2daa5-kkqvjc9m and more Source cves: CVE-2022-21803 Source advisory: SNYK:JS-NCONF-2395478...

7.5CVSS7.1AI score0.01753EPSS
Exploits1
Rows per page
Query Builder