Wednesday, August 8, 2018

IBM Security Bulletin: Security vulnerabilities in IBM® SDK for Node.js™ affect IBM® SDK for Node.js™ in IBM Cloud (CVE-2018-7158, CVE-2018-7159, CVE-2018-7160)

Security vulnerabilities have been reported in IBM® SDK for Node.js™ that affect IBM® SDK for Node.js™ in IBM Cloud.

CVE(s): CVE-2018-7158, CVE-2018-7159, CVE-2018-7160

Affected product(s) and affected version(s):

These vulnerabilities affect IBM SDK for Node.js v6.12.0.0 and earlier releases.
These vulnerabilities affect IBM SDK for Node.js v8.9.0.0 and earlier releases.

You can also find this file through the command-line Cloud Foundry client by running the following command:

cf ssh <appname> -c cat staging_info.yml

Look for the following lines:
{“detected_buildpack”:”SDK for Node.js(TM) (ibm-node.js-xxx, buildpack-v3.xxx)”,”start_command”:”./vendor/initial_startup.rb”}

If the Node.js engine version is not at least v6.14.3 or v8.11.3 your application may be vulnerable.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=swg22011860
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/143449
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/143448
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/143447

The post IBM Security Bulletin: Security vulnerabilities in IBM® SDK for Node.js™ affect IBM® SDK for Node.js™ in IBM Cloud (CVE-2018-7158, CVE-2018-7159, CVE-2018-7160) appeared first on IBM PSIRT Blog.



from IBM Product Security Incident Response Team https://ift.tt/2OPnJBw

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.