Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBM722BBAE72DF3AB6E79F8F085858F0ABE8603D3D7BB0304C69E95747AE6C37D07
HistoryDec 20, 2019 - 1:57 p.m.

Security Bulletin: Multiple Vulnerabilities in Nginx affects IBM Watson Studio Local

2019-12-2013:57:24
www.ibm.com
23

EPSS

0.007

Percentile

79.7%

JSON

Summary

Multiple Vulnerabilities in Nginx affects IBM Watson Studio Local

Vulnerability Details

CVEID:CVE-2019-13067
**DESCRIPTION:**njs through 0.3.3, used in NGINX, has a buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c. This issue occurs after the fix for CVE-2019-12207 is in place.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/166358 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:CVE-2019-13617
**DESCRIPTION:**njs through 0.3.3, used in NGINX, has a heap-based buffer over-read in nxt_vsprintf in nxt/nxt_sprintf.c during error handling, as demonstrated by an njs_regexp_literal call that leads to an njs_parser_lexer_error call and then an njs_parser_scope_error call.
CVSS Base score: 3.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/163760 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID:CVE-2019-12208
**DESCRIPTION:**njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in njs_function_native_call in njs/njs_function.c.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/161282 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2019-12207
**DESCRIPTION:**njs through 0.3.1, used in NGINX, has a heap-based buffer over-read in nxt_utf8_decode in nxt/nxt_utf8.c.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/161281 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2019-12206
**DESCRIPTION:**njs through 0.3.1, used in NGINX, has a heap-based buffer overflow in nxt_utf8_encode in nxt_utf8.c.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/161279 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Watson Studio Local 1.2.3

Remediation/Fixes

Product VRMF Remediation/First Fix
IBM Watson Studio Local 2.1 <https://www.ibm.com/software/passportadvantage/pao_customer.html&gt;
IBM Cloud Pak for Data 2.5 <https://www.ibm.com/software/passportadvantage/pao_customer.html&gt;

Workarounds and Mitigations

None

Related

ibm 5
cvelist 5
nvd 5
osv 5
prion 5
cve 5
checkpoint_advisories 4
ibm
ibm
Security Bulletin: Aspera Shares application is affected by multiple NGINX Vulnerabilities (CVE-2019-12206, CVE-2019-12207, CVE-2019-12208, CVE-2019-13617, CVE-2018-16845, CVE-2018-16843, CVE-2019-7401)
2019-08-15 18:53:15
Security Bulletin: Aspera Web Shares application is affected by NGINX Vulnerabilities (CVE-2019-12208, CVE-2019-12207)
2020-02-28 01:17:04
Security Bulletin: IBM Aspera Shares Web Application is affected by NGINX Vulnerabilities (CVE-2019-13067)
2020-02-28 01:38:24
cvelist
cvelist
CVE-2019-13067
2019-06-29 23:29:57
CVE-2019-12206
2019-05-20 13:28:45
CVE-2019-13617
2019-07-16 16:07:00
nvd
nvd
CVE-2019-13067
2019-06-30 00:15:11
CVE-2019-12206
2019-05-20 14:29:00
CVE-2019-12208
2019-05-20 14:29:00
osv
osv
CVE-2019-13067
2019-06-30 00:15:11
CVE-2019-12206
2019-05-20 14:29:00
CVE-2019-13617
2019-07-16 17:15:12
prion
prion
Design/Logic Flaw
2019-06-30 00:15:00
Heap overflow
2019-07-16 17:15:00
Heap overflow
2019-05-20 14:29:00
cve
cve
CVE-2019-13067
2019-06-30 00:15:11
CVE-2019-13617
2019-07-16 17:15:12
CVE-2019-12206
2019-05-20 14:29:00
checkpoint_advisories
checkpoint_advisories
NGINX NJS Heap-Based Buffer Overflow (CVE-2019-12206)
2020-05-27 00:00:00
NGINX NJS Buffer Overflow (CVE-2019-13067)
2020-05-17 00:00:00
NGINX NJS Heap-Based Buffer Overflow (CVE-2019-12208)
2020-05-27 00:00:00

EPSS

0.007

Percentile

79.7%

JSON
Related for 722BBAE72DF3AB6E79F8F085858F0ABE8603D3D7BB0304C69E95747AE6C37D07
ibm5cvelist5nvd5osv5prion5cve5checkpoint_advisories4