A security vulnerability in Ruby on Rails affects IBM Cloud Pak for Multicloud Management Infrastructure Management.
CVEID: CVE-2021-22902
**DESCRIPTION:** Ruby on Rails is vulnerable to a denial of service, caused by a use-after-free flaw in Action Dispatch. By sending specially-crafted Accept headers, a remote attacker could exploit this vulnerability to cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine.
CVSS Base score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/201281 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
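The Accept-header issue above is a case of attacker-controlled input reaching a regular-expression parser that can backtrack catastrophically. The vendor fix is the upgrade listed under the remediation below; the following added example (written for this page, not code from IBM or from Rails) only illustrates the defensive principle of bounding and shape-checking such input before it reaches the framework's MIME negotiation. It is a minimal Rack-style middleware with no gem dependencies; the limits MAX_LENGTH and MAX_RANGES, the class name and the 400 response are assumptions chosen for illustration, and the header values used below are constructed.

```ruby
# Added example (not from IBM or Rails): a Rack-style middleware that caps and
# sanity-checks the Accept header before it reaches MIME negotiation.
# MAX_LENGTH and MAX_RANGES are assumed values, not numbers from the bulletin.
class AcceptHeaderGuard
  MAX_LENGTH = 1024   # assumed cap on the raw header size in bytes
  MAX_RANGES = 32     # assumed cap on comma-separated media ranges

  # One RFC 7231 "token"; a single anchored character class with no nested
  # quantifiers or overlapping alternation, so it cannot backtrack badly.
  TOKEN = /\A[A-Za-z0-9!\#$%&'*+.^_`|~-]+\z/

  def initialize(app)
    @app = app
  end

  # Reject malformed or oversized Accept headers with a constructed 400 reply;
  # otherwise pass the request through unchanged.
  def call(env)
    accept = env["HTTP_ACCEPT"]
    if accept && !self.class.acceptable?(accept)
      return [400, { "Content-Type" => "text/plain" }, ["Malformed Accept header\n"]]
    end
    @app.call(env)
  end

  # True when the header is within the limits and every media range has the
  # shape type/subtype, optionally followed by ;name=value parameters.
  # Every check here is linear in the header length.
  def self.acceptable?(accept)
    return true if accept.strip.empty?          # no preference expressed
    return false if accept.bytesize > MAX_LENGTH
    ranges = accept.split(",", -1).map(&:strip)
    return false if ranges.size > MAX_RANGES
    ranges.all? { |range| valid_media_range?(range) }
  end

  def self.valid_media_range?(range)
    media, *params = range.split(";").map(&:strip)
    type, subtype, extra = media.to_s.split("/", 3)
    return false if extra || type.nil? || subtype.nil?
    return false unless (type == "*" || type.match?(TOKEN)) &&
                        (subtype == "*" || subtype.match?(TOKEN))
    params.all? do |param|
      name, value, extra_param = param.split("=", 3)
      !extra_param && !value.nil? && name.match?(TOKEN) &&
        (value.match?(TOKEN) || quoted_string?(value))
    end
  end

  # Minimal quoted-string check: surrounded by double quotes, none inside.
  def self.quoted_string?(value)
    value.length >= 2 && value.start_with?('"') && value.end_with?('"') &&
      !value[1..-2].include?('"')
  end
end

if __FILE__ == $PROGRAM_NAME
  app = ->(_env) { [200, { "Content-Type" => "text/plain" }, ["ok\n"]] }
  guard = AcceptHeaderGuard.new(app)
  status, = guard.call("HTTP_ACCEPT" => "text/html,*/*;q=0.8")
  puts "well-formed header -> #{status}"
  status, = guard.call("HTTP_ACCEPT" => "text/")
  puts "malformed header   -> #{status}"
end
```

Each check splits on a fixed delimiter or matches one anchored character class, so the cost grows linearly with the header size; the length and range caps then bound that size. This is defense in depth in front of the framework, not a substitute for applying the fix pack.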
CVEID: CVE-2021-22904
**DESCRIPTION:** Ruby on Rails is vulnerable to a denial of service, caused by a use-after-free flaw in the Token Authentication logic in Action Controller. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/201283 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
| Affected Product(s) | Version(s) |
|---|---|
| IBM Cloud Pak for Multicloud Management Infrastructure Management | All |
Upgrade to the latest fix pack of IBM Cloud Pak for Multicloud Management 2.3 by following the instructions in <https://www.ibm.com/docs/en/cloud-paks/cp-management/2.3.x?topic=installation-upgrade>.
Workarounds and Mitigations: None
| CPE | Name | Operator | Version |
|---|---|---|---|
| | ibm cloud pak for multicloud management | eq | 2.3 |