6 matches found
Security Bulletin: IBM Storage Ceph is vulnerable to OS Command Injection in Grafana (CVE-2022-25912, CVE-2022-25860, CVE-2022-25908)
Summary Simple Git is used by IBM Storage Ceph in Grafana for Metrics. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Ceph. CVE-2022-25912, CVE-2022-25860, CVE-2022-25908. Vulnerability Details CVEID:CVE-2022-25912 DESCRIPTION: Node.js simple-git module cou...
Security Bulletin: There is a security vulnerability in Node.js create-choo-electron module used by IBM Maximo for Civil Infrastructure in Maximo Application Suite (CVE-2022-25908)
Summary There is a security vulnerability in Node.js create-choo-electron module used by IBM Maximo for Civil Infrastructure in Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-25908 DESCRIPTION: Node.js create-choo-electron module could allow a remote attacker to execute arbitrary...
CVE-2022-25908
All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization...
CVE-2022-25908
All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization...
CVE-2022-25908
CVE-2022-25908 affects the Node.js module create-choo-electron, with all versions vulnerable to Command Injection via the devInstall function due to improper input validation. Connected IBM advisories tie this to IBM Storage Ceph and IBM Maximo MAS deployments, describing feasible command executi...
CVE-2022-25908
All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization...