High Severity

Security Bulletin: IBM Cloud Private is vulnerable to a Node.js lodash vulnerability (CVEID: 183560)

Sep 26, 2020 8:00 pm EDT

Share this post:

IBM Cloud Private is vulnerable to a Node.js lodash vulnerability

Affected product(s) and affected version(s):

Affected Product(s)	Version(s)
IBM Cloud Private	3.2.1 CD
IBM Cloud Private	3.2.2 CD

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6338463

High Severity

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - OpenSSL (CVE-2019-1563, CVE-2019-1549, CVE-2019-1547)

Search Posts

Resources

Feed for PSIRT Blog Posts

IBM Product Security Vulnerabilities

See information about: IBM Security Bulletins, IBM Security Vulnerability Management (PSIRT), Reporting a Security Issue, IBM Secure Engineering

Learn More

IBM Product Support Portal

Access IBM Product Support to: Subscribe to Notifications, Download Fixes & PTFs (Fix Central), Access the Directory of IBM Worldwide Contacts

See What's New

Helpful Information

Security Bulletin: IBM Security Verify Information Queue uses a Node.js proxy library that has a known vulnerability (183561)

Mar 2, 2021 7:00 pm EST | High Severity

The web server in IBM Security Verify Information Queue (ISIQ) uses an older version of the http-proxy package that has a known vulnerability to a denial of service. As of v10.0.0, ISIQ has upgraded to a newer, secure version of http-proxy. ...read more

Security Bulletin: IBM Security Guardium is affected by kernel vulnerabilities

Mar 1, 2021 7:00 pm EST | High Severity

IBM Security Guardium has fixed these vulnerabilities ...read more

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium

Mar 1, 2021 7:00 pm EST | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Security Guardium. These issues were disclosed as part of the IBM Java SDK updates in July 2020. ...read more

High Severity

Security Bulletin: IBM Cloud Private is vulnerable to a Node.js lodash vulnerability (CVEID: 183560)

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - OpenSSL (CVE-2019-1563, CVE-2019-1549, CVE-2019-1547)

Security Bulletin: IBM Cloud Private is vulnerable to a MongoDB vulnerability (CVE-2020-7921)

Search Posts

Archives

Resources

IBM Product Security Vulnerabilities

IBM Product Support Portal

Helpful Information

Security Bulletin: IBM Security Verify Information Queue uses a Node.js proxy library that has a known vulnerability (183561)

Mar 2, 2021 7:00 pm EST | High Severity

Security Bulletin: IBM Security Guardium is affected by kernel vulnerabilities

Mar 1, 2021 7:00 pm EST | High Severity

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Security Guardium

Mar 1, 2021 7:00 pm EST | High Severity