Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM4C0F8E9469586996B619F6E8CA591662A46CACC2C2BF49C04C93F8B71F714940
HistoryMar 29, 2019 - 10:55 a.m.

Security Bulletin: IBM Event Streams is affected by vulnerabilities in the shipped Node runtime

2019-03-2910:55:01
www.ibm.com
7

0.015 Low

EPSS

Percentile

86.8%

JSON

Summary

IBM Event Streams has addressed the following vulnerabilities

Vulnerability Details

CVEID:CVE-2018-16487
DESCRIPTION: Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution flaw. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to inject properties onto Object.prototype to cause a denial of service condition.
CVSS Base Score: 6.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/156530&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)

CVEID: CVE-2019-5737 DESCRIPTION: Node.js is vulnerable to a denial of service. By establishing an HTTP or HTTPS connection in keep-alive mode and sending headers very slowly to force the connection and associated resources to stay alive for a long period of time, a remote attacker could exploit this vulnerability to consume all available resources.
CVSS Base Score: 5.9
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/158093&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

IBM Event Streams 2018.3.0

IBM Event Streams 2018.3.1

Remediation/Fixes

Upgrade to IBM Event Streams 2019.1.1 which is available from Passport Advantage.

CPENameOperatorVersion
ibm event streamseqany

Related

nvd 2
osv 6
prion 2
ibm 26
redhatcve 2
github 1
ubuntucve 2
hackerone 1
veracode 2
cvelist 2
cve 2
debiancve 2
nodejs 1
openvas 12
cbl_mariner 1
nessus 18
altlinux 1
suse 3
alpinelinux 1
freebsd 1
nodejsblog 1
redhat 3
ubuntu 1
rocky 1
photon 4
mageia 1
gentoo 1
kitploit 1
nvd
nvd
CVE-2018-16487
2019-02-01 18:29:00
CVE-2019-5737
2019-03-28 17:29:01
osv
osv
CVE-2018-16487
2019-02-01 18:29:00
Prototype Pollution in lodash
2019-02-07 18:16:48
CVE-2019-5737
2019-03-28 17:29:01
prion
prion
Buffer overflow
2019-02-01 18:29:00
Design/Logic Flaw
2019-03-28 17:29:00
ibm
ibm
Security Bulletin: IBM Cloud Transformation Advisor is affected by a Node.js lodash module vulnerability (CVE-2018-16487)
2022-12-05 19:00:57
Security Bulletin: Security vulnerability affects IBM Cloud Object Storage SDK NodeJS (Mar 2019)
2019-07-23 20:20:01
Security Bulletin: IBM API Connect is affected by a denial of service vulnerability in Node.js (CVE-2019-5737)
2019-06-06 15:40:02
redhatcve
redhatcve
CVE-2018-16487
2019-02-01 23:49:27
CVE-2019-5737
2020-03-01 07:37:24
github
github
Prototype Pollution in lodash
2019-02-07 18:16:48
ubuntucve
ubuntucve
CVE-2018-16487
2019-02-01 00:00:00
CVE-2019-5737
2019-03-28 00:00:00
hackerone
hackerone
Node.js third-party modules: Prototype pollution attack (lodash / constructor.prototype)
2018-07-12 08:28:18
veracode
veracode
Prototype Pollution Attack
2018-11-01 08:55:31
Denial Of Service (DoS)
2019-03-04 05:31:23
cvelist
cvelist
CVE-2018-16487
2019-02-01 18:00:00
CVE-2019-5737
2019-03-28 16:20:28
cve
cve
CVE-2018-16487
2019-02-01 18:29:00
CVE-2019-5737
2019-03-28 17:29:01
debiancve
debiancve
CVE-2018-16487
2019-02-01 18:29:00
CVE-2019-5737
2019-03-28 17:29:01
nodejs
nodejs
Prototype Pollution
2019-02-13 16:16:53
openvas
openvas
openSUSE: Security Advisory for nodejs10 (openSUSE-SU-2019:1211-1)
2019-04-17 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:0635-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:0636-1)
2021-06-09 00:00:00
cbl_mariner
cbl_mariner
CVE-2019-5737 affecting package nodejs 8.11.4-7
2021-08-11 06:39:34
nessus
nessus
openSUSE Security Update : nodejs10 (openSUSE-2019-1211)
2019-04-17 00:00:00
SUSE SLES15 Security Update : nodejs8 (SUSE-SU-2019:0635-1)
2019-03-20 00:00:00
SUSE SLES15 Security Update : nodejs10 (SUSE-SU-2019:0627-1)
2019-03-19 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package node version 10.15.3-alt1
2019-03-09 00:00:00
suse
suse
Security update for nodejs10 (moderate)
2019-04-16 00:00:00
Security update for nodejs4 (moderate)
2019-03-28 00:00:00
Security update for nodejs6 (moderate)
2019-04-08 00:00:00
alpinelinux
alpinelinux
CVE-2019-5737
2019-03-28 17:29:01
freebsd
freebsd
Node.js -- multiple vulnerabilities
2019-02-28 00:00:00
nodejsblog
nodejsblog
February 2019 Security Releases
2019-02-28 00:00:00
redhat
redhat
(RHSA-2019:1821) Important: rh-nodejs8-nodejs security update
2019-07-22 13:09:06
(RHSA-2019:2925) Important: nodejs:10 security update
2019-09-30 07:07:29
(RHSA-2019:2939) Important: rh-nodejs10-nodejs security update
2019-09-30 23:10:11
ubuntu
ubuntu
Node.js vulnerabilities
2021-03-15 00:00:00
rocky
rocky
nodejs:10 security update
2019-09-30 07:07:29
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0257
2019-11-20 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0190
2019-11-20 00:00:00
Critical Photon OS Security Update - PHSA-2019-0190
2019-11-20 00:00:00
mageia
mageia
Updated nodejs packages fix security vulnerabilities
2019-09-15 16:24:16
gentoo
gentoo
Node.js: Multiple vulnerabilities
2020-03-20 00:00:00
kitploit
kitploit
Trivy - A Simple And Comprehensive Vulnerability Scanner For Containers, Suitable For CI
2019-11-05 12:00:00

0.015 Low

EPSS

Percentile

86.8%

JSON
Related for 4C0F8E9469586996B619F6E8CA591662A46CACC2C2BF49C04C93F8B71F714940
nvd2osv6prion2ibm26redhatcve2github1ubuntucve2hackerone1veracode2cvelist2cve2debiancve2nodejs1openvas12cbl_mariner1nessus18altlinux1suse3alpinelinux1freebsd1nodejsblog1redhat3ubuntu1rocky1photon4mageia1gentoo1kitploit1