Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM47E7B5B582E7F2F059DA4816DF32D66DE4762A0008847A13077B893244E0FA36
HistorySep 13, 2024 - 7:30 a.m.

Security Bulletin: IBM Maximo Application Suite uses micromatch-4.0.5.tgz which is vulnerable to CVE-2024-4067.

2024-09-1307:30:43
www.ibm.com
1
ibm maximo application suite
micromatch vulnerability
denial of service
cve-2024-4067
node.js
regular expression

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

JSON

Summary

IBM Maximo Application Suite uses micromatch-4.0.5.tgz which is vulnerable to CVE-2024-4067. This bulletin contains information regarding the vulnerability and its fixture.

Vulnerability Details

CVEID:CVE-2024-4067
**DESCRIPTION:**Node.js micromatch module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in micromatch.braces() in index.js. By sending a specially crafted payload, a remote attacker could exploit this vulnerability to increase the consumption time until the application hangs or slows down.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/290676 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Maximo Application Suite 9.0
IBM Maximo Application Suite 8.11
IBM Maximo Application Suite 8.10

Remediation/Fixes

Remediated Products Version(s)
IBM Maximo Application Suite 9.0.1
IBM Maximo Application Suite 8.11.13
IBM Maximo Application Suite 8.10.16

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmmaximo_application_suiteMatch9.0
OR
ibmmaximo_application_suiteMatch8.11
OR
ibmmaximo_application_suiteMatch8.10
VendorProductVersionCPE
ibmmaximo_application_suite9.0cpe:2.3:a:ibm:maximo_application_suite:9.0:*:*:*:*:*:*:*
ibmmaximo_application_suite8.11cpe:2.3:a:ibm:maximo_application_suite:8.11:*:*:*:*:*:*:*
ibmmaximo_application_suite8.10cpe:2.3:a:ibm:maximo_application_suite:8.10:*:*:*:*:*:*:*

Related

fedora 2
osv 2
cvelist 1
veracode 1
nvd 1
nessus 5
vulnrichment 1
openvas 2
ibm 18
ubuntucve 1
redhatcve 1
github 1
cve 1
debiancve 1
cbl_mariner 1
wolfi 1
redhat 1
fedora
fedora
[SECURITY] Fedora 40 Update: yarnpkg-1.22.22-2.fc40
2024-07-13 02:46:53
[SECURITY] Fedora 39 Update: pgadmin4-7.8-7.fc39
2024-07-13 02:42:18
osv
osv
CVE-2024-4067
2024-05-14 15:42:00
CGA-6q83-777j-gp5r
2024-08-24 15:19:56
cvelist
cvelist
CVE-2024-4067 Regular Expression Denial of Service in micromatch
2024-05-13 10:04:42
veracode
veracode
Regular Expression Denial Of Service (ReDoS)
2024-05-31 05:28:55
nvd
nvd
CVE-2024-4067
2024-05-14 15:42:47
nessus
nessus
Fedora 40 : yarnpkg (2024-eef12396fc)
2024-07-13 00:00:00
RHEL 6 : gjs (Unpatched Vulnerability)
2024-07-11 00:00:00
Fedora 39 : pgadmin4 (2024-9820d9491f)
2024-07-13 00:00:00
vulnrichment
vulnrichment
CVE-2024-4067 Regular Expression Denial of Service in micromatch
2024-05-13 10:04:42
openvas
openvas
Fedora: Security Advisory (FEDORA-2024-eef12396fc)
2024-08-06 00:00:00
Fedora: Security Advisory (FEDORA-2024-9820d9491f)
2024-08-06 00:00:00
ibm
ibm
Security Bulletin: IBM DataPower Gateway vulnerable to DoS due to Node.js micromatch module (CVE-2024-4067)
2024-09-03 14:18:08
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js micromatch
2024-07-29 21:51:41
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Node.js micromatch module denial of service vulnerability[ CVE-2024-4067]
2024-08-05 21:44:27
ubuntucve
ubuntucve
CVE-2024-4067
2024-05-14 00:00:00
redhatcve
redhatcve
CVE-2024-4067
2024-05-15 12:25:41
github
github
Regular Expression Denial of Service (ReDoS) in micromatch
2024-05-14 18:30:54
cve
cve
CVE-2024-4067
2024-05-14 15:42:47
debiancve
debiancve
CVE-2024-4067
2024-05-14 15:42:47
cbl_mariner
cbl_mariner
CVE-2024-4067 affecting package reaper for versions less than 3.1.1-9
2024-06-06 19:53:22
wolfi
wolfi
CVE-2024-4067 vulnerabilities
2024-09-19 09:11:50
redhat
redhat
(RHSA-2024:6211) Important: Red Hat OpenShift Service Mesh Containers for 2.6.1 security update
2024-09-03 08:26:25

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

JSON
Related for 47E7B5B582E7F2F059DA4816DF32D66DE4762A0008847A13077B893244E0FA36
fedora2osv2cvelist1veracode1nvd1nessus5vulnrichment1openvas2ibm18ubuntucve1redhatcve1github1cve1debiancve1cbl_mariner1wolfi1redhat1