High Severity

IBM Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud

Share this post:

OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM SDK for Node.js for IBM Cloud. IBM SDK for Node.js for IBM Cloud has addressed the applicable CVEs. Node.js vulnerabilities were disclosed by the Node.js foundation. Node.js is used by IBM SDK for Node.js for IBM Cloud. IBM SDK for Node.js for IBM Cloud has addressed the applicable CVEs.

CVE(s): CVE-2018-0735, CVE-2018-0734, CVE-2018-5407, CVE-2018-12122, CVE-2018-12121, CVE-2018-12120, CVE-2018-5407, CVE-2018-0735, CVE-2018-0734, CVE-2018-12123, CVE-2018-12116

Affected product(s) and affected version(s):

These vulnerabilities affect IBM SDK for Node.js v6.14.4 and earlier releases.
These vulnerabilities affect IBM SDK for Node.js v8.11.4 and earlier releases.

These vulnerabilities affect IBM SDK for Node.js v10.13.0 and earlier releases.

You can also find this file through the command-line Cloud Foundry client by running the following command:

cf ssh <appname> -c “cat staging_info.yml”

Look for the following lines:
{“detected_buildpack”:”SDK for Node.js(TM) (ibm-node.js-xxx, buildpack-v3.xxx)”,”start_command”:”./vendor/initial_startup.rb”}

If the Node.js engine version is not at least v6.15.0, v8.14.0 or v10.14.0 your application may be vulnerable.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10795324
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152086
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152085
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152484
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/153456
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/153455
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/153454
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152484
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152086
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152085
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/153457
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/153452

More stories

IBM Security Bulletin: Multiple vulnerabilities were identified in Node.js that affect IBM Cloud App Management V2018

Feb 15, 2019 9:00 am EST | High Severity

Multiple vulnerabilities were identified in Node.js that affected IBM Cloud App Management V2018. The product was updated to use a later version of Node.js to address these security vulnerabilities. CVE(s): CVE-2018-0732, CVE-2018-12115, CVE-2018-7166, CVE-2018-0737 Affected product(s) and affected version(s): IBM Cloud App Management V2018.2 Refer to the following reference URLs for remediation and additional vulnerability ...read more


IBM Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM

Feb 14, 2019 9:00 am EST | High Severity

PowerKVM is affected by vulnerabilities in the Linux kernel . IBM has now addressed these vulnerabilities. CVE(s): CVE-2018-10675, CVE-2018-7566, CVE-2017-13215 Affected product(s) and affected version(s): PowerKVM 3.1 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10870832X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/142895X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141112X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137560 ...read more


IBM Security Bulletin: Apache Commons FileUpload Vulnerability Can Affect IBM Sterling Order Management (CVE-2016-1000031)

Feb 14, 2019 9:00 am EST | High Severity

IBM Sterling Order Management uses Apache Commons FileUpload and is affected by some of the vulnerabilities that exist in Apache Commons FileUpload. CVE(s): CVE-2016-1000031 Affected product(s) and affected version(s):IBM Sterling Selling and Fulfillment Foundation 9.1.0 through 10.0 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10870454X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/117957 ...read more