High Severity

Security Bulletin: IBM Cloud Pak for Integration is vulnerable to Node.js http-proxy module denial of service

The Node.js http-proxy module is vulnerable to a denial of service. By sending a specially crafted HTTP request with an overly long body, a remote attacker could exploit this vulnerability to trigger an unhandled ERR_HTTP_HEADERS_SENT exception and crash the server.
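The failure mode named above, as an added illustration that is not code from the bulletin, from IBM, or from the http-proxy project: using only Node's core `http` module, it puts an outgoing request into the state where its headers have already been flushed by a body write, shows the error code that a late `setHeader` raises, and shows a guard that checks `headersSent` first. The helper names, the header name and the loopback address are assumptions made for the example.

```javascript
const http = require('http');

// Hypothetical helper: set a header only while the header block is still unsent.
function safeSetHeader(outgoing, name, value) {
  if (outgoing.headersSent) return false; // too late: skip instead of throwing
  outgoing.setHeader(name, value);
  return true;
}

// Constructed input: an outgoing request whose headers were already serialised
// by a body write, as happens once a proxy has started forwarding a request body.
function makeFlushedRequest() {
  const req = http.request({ host: '127.0.0.1', port: 9, method: 'POST', agent: false });
  req.on('error', () => {});   // the connection does not need to succeed here
  req.write('x'.repeat(1024)); // the first write flushes the header block
  return req;
}

// Unguarded path: setHeader after the flush throws.
function unguardedResult() {
  const req = makeFlushedRequest();
  try {
    req.setHeader('x-forwarded-user', 'demo');
    return 'no error';
  } catch (err) {
    // Left uncaught inside an event handler, this exception ends the process.
    return err.code;
  } finally {
    req.destroy();
  }
}

// Guarded path: the same late call is skipped and reported instead of thrown.
function guardedResult() {
  const req = makeFlushedRequest();
  try {
    return safeSetHeader(req, 'x-forwarded-user', 'demo');
  } finally {
    req.destroy();
  }
}

console.log(unguardedResult(), guardedResult());
```

The guard only keeps a late header write from throwing; remediation for the affected product versions is the one given in the source bulletin.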

Affected product(s) and affected version(s):

| Affected Product(s) | Version(s) |
| --- | --- |
| Asset Repository in IBM Cloud Pak for Integration (CP4I) | 2.2.0 (CP4I 2019.3.2.2) |
| Asset Repository in IBM Cloud Pak for Integration (CP4I) | 4.0.0 (CP4I 2020.1.1) |
| Asset Repository in IBM Cloud Pak for Integration (CP4I) | 2020.2.1-0 (CP4I 2020.2.1) |

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6255986
