CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
73.2%
Vulnerability in nodejs decode-uri-component affect Cloud Pak System[CVE-2022-38900]. Cloud Pak System has addressed this vulnerability.
CVEID:CVE-2022-38900
**DESCRIPTION:**decode-uri-component is vulnerable to a denial of service, caused by improper input validation by the decodeComponents function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241069 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Affected Product(s) | Version(s) (Power) |
---|---|
IBM Cloud Pak System | 2.3.1.1, 2.3.2.0 |
IBM Cloud Pak System | 2.3.3.7 |
Affected Product(s) | Version(s) (intel) |
IBM Cloud Pak System | 2.3.3.0 |
IBM Cloud Pak System | 2.3.3.3, 2.3.3.3 iFIx1 |
IBM Cloud Pak System | 2.3.3.4 |
IBM Cloud Pak System | 2.3.3.5 |
IBM Cloud Pak System | 2.3.3.6, 2.3.3.3.6 iFix1, 2.3.3.6 iFix2 (Intel) |
For unsupported platform/version/release the recommendation is to upgrade to supported platform/version/release of the product.
Vulnerability identified in decode-uri-component in Jest module Cloud Pak System update jest module to version that removed decode-uri-component.
For Cloud Pak System V2.3.0.1, V2.3.1.1, V2.3.2.0 for power,
Upgrade to Cloud Pak System v2.3.3.7 and apply V2.3.3.7 Interim Fix 01 at IBM Fix Central.
information on upgrading here <https://www.ibm.com/support/pages/node/6982511>
For Cloud Pak System V2.3.3.7 for power,
Apply Cloud Pak System V2.3.3.7 Interim Fix 01 at IBM Fix Central.
information on upgrading available at <http://www.ibm.com/support/docview.wss?uid=ibm10887959>
For Cloud Pak System on Intel
Upgrade to Cloud Pak System v2.3.4.0 at Fix Central
Information on upgrading here <http://www.ibm.com/support/docview.wss?uid=ibm10887959>
None
Vendor | Product | Version | CPE |
---|---|---|---|
ibm | cloud_pak_system | 2.3 | cpe:2.3:a:ibm:cloud_pak_system:2.3:*:*:*:*:*:*:* |
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
73.2%