Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMB72B5F61704B10E6D5F18137AB3545617A3970FFF2044AB56F1347B51B5A7012
HistorySep 19, 2022 - 2:05 p.m.

Security Bulletin: A security vulnerability in Node.js dicer affects IBM Cloud Pak for Watson AIOps Infrastructure Automation Managed Services

2022-09-1914:05:41
www.ibm.com
31
node.js
dicer
ibm cloud pak
watson aiops
infrastructure automation
cve-2022-24434
denial of service
upgrade
ibm cloud pak for watson aiops infrastructure automation 3.4.2

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

61.9%

JSON

Summary

A security vulnerability in Node.js dicer affects IBM Cloud Pak for Watson AIOps Infrastructure Automation Managed Services

Vulnerability Details

CVEID:CVE-2022-24434
**DESCRIPTION:**Node.js dicer module is vulnerable to a denial of service. By sending a specially-crafted form to server, a remote attacker could exploit this vulnerability to crash the node.js service.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/227085 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Cloud Pak for Watson AIOps Infrastructure Automation All

Remediation/Fixes

Upgrade to IBM Cloud Pak for Watson AIOps Infrastructure Automation 3.4.2 by following the instructions at <https://www.ibm.com/docs/en/cloud-paks/cloud-pak-watson-aiops/3.4.2?topic=upgrading-infrastructure-automation&gt;

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmwebsphere_automation_for_ibm_cloud_pak_for_watson_aiopsMatch3.4.

Related

ubuntucve 1
cvelist 1
github 1
nvd 1
osv 1
ibm 11
cve 1
prion 1
redhatcve 1
debiancve 1
veracode 1
nessus 1
ubuntucve
ubuntucve
CVE-2022-24434
2022-05-20 00:00:00
cvelist
cvelist
CVE-2022-24434 Denial of Service (DoS)
2022-05-20 00:00:00
github
github
Crash in HeaderParser in dicer
2022-05-21 00:00:25
nvd
nvd
CVE-2022-24434
2022-05-20 20:15:09
osv
osv
Crash in HeaderParser in dicer
2022-05-21 00:00:25
ibm
ibm
Security Bulletin: CVE-2022-24434 An issue was discovered in the npm package dicer
2023-11-17 21:04:58
Security Bulletin: Open Source Dependency Vulnerability
2023-05-15 16:52:45
Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to denial of service due to CVE-2022-24434
2022-08-09 12:58:09
cve
cve
CVE-2022-24434
2022-05-20 20:15:09
prion
prion
Code injection
2022-05-20 20:15:00
redhatcve
redhatcve
CVE-2022-24434
2023-05-08 18:21:42
debiancve
debiancve
CVE-2022-24434
2022-05-20 20:15:09
veracode
veracode
Denial Of Service (DoS)
2022-05-23 11:08:32
nessus
nessus
IBM Cognos Analytics Multiple Vulnerabilities (6986505)
2023-05-12 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.002

Percentile

61.9%

JSON
Related for B72B5F61704B10E6D5F18137AB3545617A3970FFF2044AB56F1347B51B5A7012
ubuntucve1cvelist1github1nvd1osv1ibm11cve1prion1redhatcve1debiancve1veracode1nessus1