Medium Severity

Security Bulletin: Multiple Vulnerabilities in Node.js affect IBM Cloud Pak System.

Share this post:

Multiple Vulnerabilities have been found in Node.js used by the Common UI in Cloud Pak System. Cloud Pak System has addressed these vulnerabilities.

CVE(s): CVE-2021-23343, CVE-2021-23386, CVE-2020-7789, CVE-2020-7693, CVE-2021-32640, CVE-2022-0691, CVE-2020-24025, CVE-2019-6283, CVE-2018-19838, CVE-2018-11499, CVE-2018-11696, CVE-2018-11697, CVE-2019-6286, CVE-2019-18797, CVE-2018-11698, CVE-2018-19839, CVE-2018-19837, CVE-2018-19797, CVE-2018-20821, CVE-2019-6284, CVE-2018-20190, CVE-2018-19827, CVE-2018-11694, CVE-2021-23364

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Cloud Pak System, IBM Cloud Pak System Software, IBM Cloud Pak System Software Suite  2.3.3.0 – 2.3.3.4

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6612791
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/201206
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/202417
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/193001
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/184859
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/202549
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/220107
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/195029
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/155594
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/153722
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/143880
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/144308
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/144302
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/155592
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/171289
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/144297
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/153723
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/153721
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/153652
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/161651
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/155593
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/154428
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/153718
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/144317
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/200951

More stories

Security Bulletin: IBM Sterling Partner Engagement Manager vulnerable to denial of service due to Apache Shiro (CVE-2022-32532)

September 23, 2022 | Medium Severity

IBM Sterling Partner Engagement Manager uses Apache Shiro library 1.9.1, where A RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. The issue has been addressed. ...read more


Security Bulletin: IBM MQ Appliance is vulnerable to cross-site scripting (CVE-2022-31744)

September 23, 2022 | Medium Severity

IBM MQ Appliance has resolved a cross-site scripting vulnerability. ...read more


Security Bulletin: Due to RPM, AIX is vulnerable to arbitrary code execution (CVE-2021-20271), RPM database corruption (CVE-2021-3421), and denial of service (CVE-2021-20266)

September 23, 2022 | Medium Severity

AIX is vulnerable to arbitrary code execution (CVE-2021-20271), RPM database corruption (CVE-2021-3421), and denial of service (CVE-2021-20266) due to RPM. RPM is used by AIX for package management. ...read more