Lucene search
K

6 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2024/08/05 8:42 p.m.30 views

Security Bulletin: IBM Storage Ceph is vulnerable to OS Command Injection in Grafana (CVE-2022-25912, CVE-2022-25860, CVE-2022-25908)

Summary Simple Git is used by IBM Storage Ceph in Grafana for Metrics. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Ceph. CVE-2022-25912, CVE-2022-25860, CVE-2022-25908. Vulnerability Details CVEID:CVE-2022-25912 DESCRIPTION: Node.js simple-git module cou...

9.8CVSS8.8AI score0.02784EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/29 9:32 a.m.32 views

Security Bulletin: There is a security vulnerability in Node.js create-choo-electron module used by IBM Maximo for Civil Infrastructure in Maximo Application Suite (CVE-2022-25908)

Summary There is a security vulnerability in Node.js create-choo-electron module used by IBM Maximo for Civil Infrastructure in Maximo Application Suite. Vulnerability Details CVEID:CVE-2022-25908 DESCRIPTION: Node.js create-choo-electron module could allow a remote attacker to execute arbitrary...

9.8CVSS8.8AI score0.01547EPSS
Exploits1Affected Software1
NVD
NVD
added 2023/01/26 9:15 p.m.30 views

CVE-2022-25908

All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization...

9.8CVSS8.9AI score0.01547EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/01/24 5:0 a.m.5 views

CVE-2022-25908

All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization...

7.4CVSS7.6AI score0.01547EPSS
Exploits1References1
CVE
CVE
added 2023/01/24 5:0 a.m.61 views

CVE-2022-25908

CVE-2022-25908 affects the Node.js module create-choo-electron, with all versions vulnerable to Command Injection via the devInstall function due to improper input validation. Connected IBM advisories tie this to IBM Storage Ceph and IBM Maximo MAS deployments, describing feasible command executi...

9.8CVSS9.7AI score0.01547EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/01/24 5:0 a.m.32 views

CVE-2022-25908

All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization...

7.4CVSS10AI score0.01547EPSS
Exploits1References1
Rows per page
Query Builder