IBM Security Guardium Insights addressed the following vulnerability.
CVEID:CVE-2021-22939
**DESCRIPTION:**Node.js could allow a remote attacker to bypass security restrictions. If the https API was used incorrectly and “undefined” was in passed for the “rejectUnauthorized” parameter, an attacker could exploit this vulnerability to connect to servers using an expired certificate.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/207233 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Security Guardium Insights | 3.0 |
IBM encourages customers to update their systems promptly
Product
|
VRMF
|
Remediation / Fix
—|—|—
IBM Security Guardium Insights| 3.0|
Please download version 3.1.5
https://www.ibm.com/software/passportadvantage/?mhsrc=ibmsearch_a&mhq=pasport%20advantage
None