Home Unlabelled IBM Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud

IBM Security Bulletin: Multiple vulnerabilities affect IBM® SDK for Node.js™ in IBM Cloud

By
Wednesday, January 23, 2019
Read
Add Comment

Jan 23, 2019 9:01 am EST

Categorized: High Severity

Share this post:

OpenSSL vulnerabilities were disclosed by the OpenSSL Project. OpenSSL is used by IBM SDK for Node.js for IBM Cloud. IBM SDK for Node.js for IBM Cloud has addressed the applicable CVEs. Node.js vulnerabilities were disclosed by the Node.js foundation. Node.js is used by IBM SDK for Node.js for IBM Cloud. IBM SDK for Node.js for IBM Cloud has addressed the applicable CVEs.

CVE(s): CVE-2018-0735, CVE-2018-0734, CVE-2018-5407, CVE-2018-12122, CVE-2018-12121, CVE-2018-12120, CVE-2018-5407, CVE-2018-0735, CVE-2018-0734, CVE-2018-12123, CVE-2018-12116

Affected product(s) and affected version(s):

These vulnerabilities affect IBM SDK for Node.js v6.14.4 and earlier releases.
These vulnerabilities affect IBM SDK for Node.js v8.11.4 and earlier releases.

These vulnerabilities affect IBM SDK for Node.js v10.13.0 and earlier releases.

You can also find this file through the command-line Cloud Foundry client by running the following command:

cf ssh -c “cat staging_info.yml”

Look for the following lines:
{“detected_buildpack”:”SDK for Node.js(TM) (ibm-node.js-xxx, buildpack-v3.xxx)”,”start_command”:”./vendor/initial_startup.rb”}

If the Node.js engine version is not at least v6.15.0, v8.14.0 or v10.14.0 your application may be vulnerable.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10795324
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152086
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152085
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152484
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/153456
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/153455
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/153454
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152484
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152086
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/152085
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/153457
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/153452



from IBM Product Security Incident Response Team https://ibm.co/2R5lIBn
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us