High Severity

IBM Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud

OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM SDK for Node.js for IBM Cloud. IBM SDK for Node.js for IBM Cloud has addressed the applicable CVEs. Node.js vulnerabilities were disclosed by the Node.js foundation. Node.js is used by IBM SDK for Node.js for IBM Cloud. IBM SDK for Node.js for IBM Cloud has addressed the applicable CVEs.

CVE(s): CVE-2018-0735, CVE-2018-0734, CVE-2018-5407, CVE-2018-12122, CVE-2018-12121, CVE-2018-12120, CVE-2018-12123, CVE-2018-12116

Affected product(s) and affected version(s):

These vulnerabilities affect IBM SDK for Node.js v6.14.4 and earlier releases.
These vulnerabilities affect IBM SDK for Node.js v8.11.4 and earlier releases.

These vulnerabilities affect IBM SDK for Node.js v10.13.0 and earlier releases.

You can also find this file through the command-line Cloud Foundry client by running the following command:

cf ssh <appname> -c "cat staging_info.yml"

Look for the following lines:
{"detected_buildpack":"SDK for Node.js(TM) (ibm-node.js-xxx, buildpack-v3.xxx)","start_command":"./vendor/initial_startup.rb"}

If the Node.js engine version is not at least v6.15.0, v8.14.0 or v10.14.0, your application may be vulnerable.
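
The version check above has to be made per release line and numerically: v8.11.4 is a higher number than v6.15.0 but is still affected, and a string comparison would rank v6.9.0 above v6.15.0. The following is an added example, not code from IBM or from the bulletin; the function names and result labels are assumptions, and only the three minimum versions come from the text above.

```javascript
// Minimum fixed version per release line, as stated in the bulletin.
const FIXED = { 6: [6, 15, 0], 8: [8, 14, 0], 10: [10, 14, 0] };

// Parse "v8.11.4" or "8.11.4" into [8, 11, 4]; returns null if malformed.
// Any pre-release or build suffix after the patch number is ignored.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  return m ? m.slice(1).map(Number) : null;
}

// Classify a Node.js engine version against the bulletin's minimums.
// Result labels (hypothetical names chosen for this example):
//   "vulnerable"  - on a listed release line, below its fixed version
//   "fixed"       - on a listed release line, at or above its fixed version
//   "not-covered" - release line the bulletin does not mention
//   "unparseable" - input is not a major.minor.patch version
function assessNodeVersion(version) {
  const parsed = parseVersion(version);
  if (!parsed) return "unparseable";
  const fixed = FIXED[parsed[0]];
  if (!fixed) return "not-covered";
  // Compare major, minor, patch as numbers, most significant first.
  for (let i = 0; i < 3; i++) {
    if (parsed[i] > fixed[i]) return "fixed";
    if (parsed[i] < fixed[i]) return "vulnerable";
  }
  return "fixed"; // exactly the minimum fixed version
}

// Report on the runtime this script is executed with.
if (typeof process !== "undefined" && process.version) {
  console.log(`${process.version}: ${assessNodeVersion(process.version)}`);
}
```

Run inside the deployed application's environment (for example through cf ssh), it reports on the engine version actually in use.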

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10795324
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152086
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152085
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152484
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/153456
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/153455
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/153454
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/153457
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/153452
