A security vulnerability in Node.js affects IBM Cloud Pak for Multicloud Management Infrastructure Management and Managed Services.
CVEID:CVE-2021-22939
**DESCRIPTION:**Node.js could allow a remote attacker to bypass security restrictions. If the https API was used incorrectly and “undefined” was in passed for the “rejectUnauthorized” parameter, an attacker could exploit this vulnerability to connect to servers using an expired certificate.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207233 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Cloud Pak for Multicloud Management Infrastructure Management | All |
Upgrade to IBM Cloud Pak for Multicloud Management 2.3.x Fix Pack 2 by following the instructions at <https://www.ibm.com/docs/en/cloud-paks/cp-management/2.3.x?topic=upgrade-upgrading-fix-pack-2.>
None