The IBM Security Information Queue (ISIQ) web server utilizes a Node.js runtime environment. The environment includes several open source packages with known vulnerabilities. As of ISIQ v1.0.6, the open source packages have been upgraded to the recommended secure versions.
Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
| IBM Security Information Queue (ISIQ) | 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6172563
The post Security Bulletin: IBM Security Information Queue uses components with known vulnerabilities (CVE-2019-8331, CVE-2019-11358) appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/3e6xGqO
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.