Security Bulletin: There are several vulnerabilities with TinyMCE used by IBM Maximo Asset Management
Summary There are several vulnerabilities with TinyMCE used by IBM Maximo Asset Management. Vulnerability Details CVEID: CVE-2022-23494 DESCRIPTION: TinyMCE is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit th...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that run designer flows containing Box nodes are vulnerable to security restriction bypass due to [CVE-2023-32313]
Summary Node.js module vm2 is used by IBM App Connect Enterprise Certified Container by the Box connector in designer flows. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that run designer flows containing Box nodes are vulnerable to security...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to denial of service due to [CVE-2022-37603]
Summary Node.js module loader-utils is used by IBM App Connect Enterprise Certified Container by DesignerAuthoring operands. IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to denial of service. This bulletin provides patch information to address the...
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution due to [CVE-2022-46175]
Summary Node.js module JSON5 is used by IBM App Connect Enterprise Certified Container for parsing JSON. IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability in Node.js...
Debian: Security Advisory (DLA-3291-1)
The remote host is missing an update for the Debian...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and IntegrationServer operands may be vulnerable to arbitrary code execution due to [CVE-2022-25893]
Summary Node.js module vm2 is used by IBM App Connect Enterprise Certified Container as part of the Box connector in Designer flows. IBM App Connect Enterprise Certified Container DesignerAuthoring and IntegrationServer operands may be vulnerable to arbitrary code execution. This bulletin provide...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to arbitrary code execution due to [CVE-2020-36632]
Summary Node.js module flat is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to arbitrary code execution. This bulletin provides patch information to address the reported vulnerability in Node.js...
Security Bulletin: IBM App Connect Enterprise Certified Container Dashboards may be vulnerable to denial of service due to CVE-2022-25887
Summary Node.js module sanitize-html is used internally by IBM App Connect Enterprise Certified Container for parsing error messages. IBM App Connect Enterprise Certified Container Dashboards may be vulnerable to denial of service when processing error messages. This bulletin provides patch...
Security Bulletin: IBM App Connect Enterprise is vulnerable to a remote attacker due to Node.js module moment-timezone (IBM X-Force ID: 237819)
Summary IBM App Connect Enterprise is vulnerable to a remote attacker due to Node.js module moment-timezone (IBM X-Force ID: 237819). The fix includes a version of moment-timezone 0.5.35. Vulnerability Details IBM X-Force ID: 237819 DESCRIPTION: Node.js moment-timezone module could allow a remote...
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.5. Vulnerability Details CVEID:CVE-2019-20444 DESCRIPTION: Netty is vulnerable to HTTP request smuggling, caused by a flaw in the HttpObjectDecoder.java. By sending a specially-crafted request, an attacker cou...
ALPINE-CVE-2022-32213
The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS)...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring instances may be vulnerable to code injection due to CVE-2022-29622
Summary Node.js module formidable is used internally by IBM App Connect Enterprise Certified Container DesignerAuthoring operands. This bulletin provides patch information to address the reported vulnerability CVE-2022-29622 in Node.js module formidable. Vulnerability Details CVEID: CVE-2022-2962...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring and IntegrationServer operands may be vulnerable to code injection due to CVE-2022-29078
Summary Node.js module ejs is used by IBM App Connect Enterprise Certified Container for JavaScript templating. All IBM App Connect Enterprise Certified Container DesignerAuthoring operands, and IntegrationServer operands that run Designer flows may be vulnerable to code injection. This bulletin...
Divante vue-storefront-api and storefront-api disclose stack trace
In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception that discloses the error stack trace, with absolute file paths and Node.js module names...
GHSA-9WXJ-37P8-49FF Divante vue-storefront-api and storefront-api disclose stack trace
In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception that discloses the error stack trace, with absolute file paths and Node.js module names...
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServers that use Designer flows may be vulnerable to loss of confidentiality due to CVE-2022-24773
Summary Node.js module node-forge is used by IBM App Connect Enterprise Certified Container by the connectors in a Designer flow to communicate with the connected SaaS application. IBM App Connect Enterprise Certified Container IntegrationServers that run Designer flows containing connectors may ...
Security Bulletin: IBM App Connect Enterprise Certified Container Dashboards may be vulnerable to a denial of service vulnerability due to IBM X-Force vulnerability 220063
Summary Node.js module unset-value is used by IBM App Connect Enterprise Certified Container Dashboard when internally processing and validating an OpenAPI definition. IBM App Connect Enterprise Certified Container Dashboards may be vulnerable to a denial of service vulnerability. This bulletin...
npm psnode command injection vulnerability
npm psnode is an application from the American company npm. A Node.js KISS module for listing and terminating processes on OSX and Windows. A security vulnerability exists in psnode, which can be exploited by an attacker to potentially execute arbitrary commands...
Security Bulletin: Version 4.0.2 of Node.js module bl included in IBM Netcool Operations Insight 1.6.1.x has a security vulnerability
Summary Security Bulletin: Version 4.0.2 of Node.js module bl included in IBM Netcool Operations Insight 1.6.1.x has a security vulnerability Vulnerability Details CVEID: CVE-2020-8244 DESCRIPTION: Node.js bl module could allow a remote attacker to obtain sensitive information, caused by a buffer...
CVE-2020-11883
In Divante vue-storefront-api through 1.11.1 and storefront-api through 1.0-rc.1, as used in VueStorefront PWA, unexpected HTTP requests lead to an exception that discloses the error stack trace, with absolute file paths and Node.js module names...