Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM49C34992AFAE81FC539634C0829A132ADB4D8EDC35A9EBE2DCCAA56075DE4BB9
HistoryJul 08, 2021 - 8:26 p.m.

Security Bulletin: IBM InfoSphere Information Server is vulnerable to a denial of service vulnerability in Angular.js

2021-07-0820:26:47
www.ibm.com
22

0.008 Low

EPSS

Percentile

81.8%

JSON

Summary

A denial of service vulnerability in Angular.js used by IBM InfoSphere Information Analyzer was addressed.

Vulnerability Details

CVEID:CVE-2016-4055
**DESCRIPTION:**The Node.js moment module is vulnerable to a denial of service, caused by an error in the regular expression implementation. An attacker could exploit this vulnerability using a regular expression to cause the application to hang.
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/112574 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Affected Products and Versions

Affected Product(s) Version(s)
InfoSphere Information Server 11.7

Remediation/Fixes

Product VRMF APAR Remediation/First Fix
InfoSphere Information Analyzer, Information Server on Cloud 11.7 JR63476
--Apply InfoSphere Information Server version 11.7.1.0
--Apply InfoSphere Information Server version 11.7.1.0 Fix Pack 1
--Apply InfoSphere Information Server 11.7.1.1 Service Pack 2

For Red Hat 8 installations contact IBM Customer support

Contact Technical Support:

In the United States and Canada dial 1-800-IBM-SERV
View the support contacts for other countries outside of the United States.
Electronically open a Service Request with Information Server Technical Support.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm infosphere information servereqany

Related

prion 2
debiancve 2
github 1
cvelist 2
nvd 2
osv 4
nodejs 1
ubuntucve 2
cve 2
nessus 4
ubuntu 1
openvas 2
redhatcve 1
atlassian 1
ibm 5
oracle 1
prion
prion
Deserialization of untrusted data
2017-01-23 21:59:00
Design/Logic Flaw
2018-03-04 21:29:00
debiancve
debiancve
CVE-2016-4055
2017-01-23 21:59:01
CVE-2017-18214
2018-03-04 21:29:00
github
github
Regular Expression Denial of Service in moment
2017-10-24 18:33:35
cvelist
cvelist
CVE-2016-4055
2017-01-23 21:00:00
CVE-2017-18214
2018-03-04 21:00:00
nvd
nvd
CVE-2016-4055
2017-01-23 21:59:01
CVE-2017-18214
2018-03-04 21:29:00
osv
osv
CVE-2016-4055
2017-01-23 21:59:01
Regular Expression Denial of Service in moment
2017-10-24 18:33:35
CVE-2017-18214
2018-03-04 21:29:00
nodejs
nodejs
Regular Expression Denial of Service
2015-10-26 23:19:57
ubuntucve
ubuntucve
CVE-2016-4055
2017-01-23 00:00:00
CVE-2017-18214
2018-03-04 00:00:00
cve
cve
CVE-2016-4055
2017-01-23 21:59:01
CVE-2017-18214
2018-03-04 21:29:00
nessus
nessus
Ubuntu 16.04 ESM : Moment.js vulnerabilities (USN-4786-1)
2023-10-23 00:00:00
Atlassian Jira < 8.20.9 / 8.22.0 (JRASERVER-73244)
2022-07-06 00:00:00
Tenable Nessus < 8.3.0 Multiple Vulnerabilities (TNS-2019-02)
2019-03-28 00:00:00
ubuntu
ubuntu
Moment.js vulnerabilities
2021-03-15 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4786-1)
2023-01-27 00:00:00
Tenable Nessus < 8.3.0 Multiple Vulnerabilities (TNS-2019-02)
2019-04-02 00:00:00
redhatcve
redhatcve
CVE-2017-18214
2018-03-08 20:19:26
atlassian
atlassian
Upgrade Moment.js to 2.22.1+ as required for CVE-2017-18214, CVE-2016-4055
2022-02-01 19:34:22
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in IBM Guardium Data Encryption (GDE) (CVE-2017-18214, CVE-2016-4055, CVE-2021-20413)
2021-06-25 09:04:16
Security Bulletin: Multiple vulnerabilities in moment.js affect IBM Storage Scale
2024-05-08 07:15:59
Security Bulletin: There is a vulnerability in moment.js used by IBM Jazz Reporting Service (CVE-2022-24785)
2023-10-04 10:43:28
oracle
oracle
CPU July 2018
2018-07-17 00:00:00

0.008 Low

EPSS

Percentile

81.8%

JSON
Related for 49C34992AFAE81FC539634C0829A132ADB4D8EDC35A9EBE2DCCAA56075DE4BB9
prion2debiancve2github1cvelist2nvd2osv4nodejs1ubuntucve2cve2nessus4ubuntu1openvas2redhatcve1atlassian1ibm5oracle1