High Severity

IBM Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud


OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM SDK for Node.js for IBM Cloud. IBM SDK for Node.js for IBM Cloud has addressed the applicable CVEs. Node.js vulnerabilities were disclosed by the Node.js foundation. Node.js is used by IBM SDK for Node.js for IBM Cloud. IBM SDK for Node.js for IBM Cloud has addressed the applicable CVEs.

CVE(s): CVE-2018-0735, CVE-2018-0734, CVE-2018-5407, CVE-2018-12122, CVE-2018-12121, CVE-2018-12120, CVE-2018-12123, CVE-2018-12116

Affected product(s) and affected version(s):

These vulnerabilities affect IBM SDK for Node.js v6.14.4 and earlier releases.
These vulnerabilities affect IBM SDK for Node.js v8.11.4 and earlier releases.
These vulnerabilities affect IBM SDK for Node.js v10.13.0 and earlier releases.

You can also find this file through the command-line Cloud Foundry client by running the following command:

cf ssh <appname> -c "cat staging_info.yml"

Look for the following lines:
{"detected_buildpack":"SDK for Node.js(TM) (ibm-node.js-xxx, buildpack-v3.xxx)","start_command":"./vendor/initial_startup.rb"}

If the Node.js engine version is not at least v6.15.0, v8.14.0 or v10.14.0, your application may be vulnerable.
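
The version check above has to be made per release line: v8.11.4 is numerically higher than v6.15.0 but is still an affected release. The following is an added example, not part of the IBM bulletin or the SDK; the function names and the "unknown-line" result for release lines the bulletin does not mention are assumptions of this example.

```javascript
// Minimum fixed release for each line, as stated in the bulletin text.
const FIXED = { 6: [6, 15, 0], 8: [8, 14, 0], 10: [10, 14, 0] };

// Parse "v8.11.4" or "8.11.4" into [major, minor, patch]; null if malformed.
function parseVersion(s) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(String(s).trim());
  return m ? m.slice(1).map(Number) : null;
}

// Numeric comparison of two [major, minor, patch] triples: -1, 0 or 1.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Classify an engine version against the minimum for its own release line.
function classify(version) {
  const v = parseVersion(version);
  if (!v) return "invalid";
  const min = FIXED[v[0]];
  // The bulletin only names the 6.x, 8.x and 10.x lines; anything else
  // is reported separately rather than guessed at (example's assumption).
  if (!min) return "unknown-line";
  return compare(v, min) >= 0 ? "patched" : "vulnerable";
}

// Constructed sample inputs, followed by the engine running this script.
for (const v of ["v6.14.4", "v8.11.4", "v8.14.0", "v10.13.0", process.version]) {
  console.log(v, "->", classify(v));
}
```

Run it with the Node.js engine the application actually uses so that the last line reports on the deployed runtime.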

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10795324
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152086
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152085
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152484
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/153456
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/153455
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/153454
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/153457
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/153452
