Medium Severity

Security Bulletin: Vulnerabilities in Urllib3 and react-bootstrap-table affect IBM Spectrum Discover.

Vulnerabilities in Urllib3 and react-bootstrap-table, including a regular-expression problem that can cause denial of service, improper validation of parameters, and cross-site scripting issues, may affect IBM Spectrum Discover.

CVE(s): CVE-2021-33503, CVE-2021-23398

Affected product(s) and affected version(s):

| Affected Product(s) | Version(s) |
| --- | --- |
| Spectrum Discover | 2.0.3 |
| Spectrum Discover | 2.0.3.1 |
| Spectrum Discover | 2.0.3.2 |
| Spectrum Discover | 2.0.3.3 |
| Spectrum Discover | 2.0.3.4 |
| Spectrum Discover | 2.0.3.5 |
| Spectrum Discover | 2.0.4 |
| Spectrum Discover | 2.0.4.1 |
| Spectrum Discover | 2.0.4.2 |

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6507705
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/203109
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/204402
