Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMFA5F8263267AC6677A235806E81DF438CE428376F70E1DC63CE1722A4298CCD7
HistoryMar 23, 2020 - 8:41 p.m.

Security Bulletin: IBM Integration Bus is affected by a Node.js zlib DOS security Vulnerability(CVE-2017-14919)

2020-03-2320:41:52
www.ibm.com
10

0.071 Low

EPSS

Percentile

94.0%

JSON

Summary

IBM Integration Bus has addressed the following vulnerability

Vulnerability Details

CVEID:CVE-2017-14919**
DESCRIPTION: *Node.js is vulnerable to a denial of service, caused by an uncaught exception flaw in the zlib module. By making 8 an invalid value for the windowBits parameter, a remote attacker could exploit this vulnerability to cause the application to crash.
CVSS Base Score: 7.5
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/134286 for the current score
CVSS Environmental Score: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Products and Versions

IBM Integration Bus V10.0.0.0 - V10.0.0.10

Remediation/Fixes

Product

| VRMF|APAR|Remediation/Fix
—|—|—|—
IBM Integration Bus| V10.0.0.11| APAR IT23046 | The APAR is available in fix pack 10.0.0.11
<http://www-01.ibm.com/support/docview.wss?uid=swg24044326&gt;

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm integration buseq10.0

Related

openvas 5
redhatcve 1
cvelist 1
debiancve 1
veracode 1
nvd 1
ibm 5
alpinelinux 1
osv 1
ubuntucve 1
fedora 2
nodejsblog 1
nessus 6
freebsd 1
prion 1
cve 1
checkpoint_advisories 1
openvas
openvas
Fedora Update for nodejs FEDORA-2017-c582c1e728
2017-11-08 00:00:00
Fedora Update for nodejs FEDORA-2017-5c17b4934f
2017-11-23 00:00:00
SUSE: Security Advisory (SUSE-SU-2018:0293-1)
2021-06-09 00:00:00
redhatcve
redhatcve
CVE-2017-14919
2017-11-22 08:49:32
cvelist
cvelist
CVE-2017-14919
2017-10-30 19:00:00
debiancve
debiancve
CVE-2017-14919
2017-10-30 19:29:00
veracode
veracode
Denial Of Service (DoS)
2017-10-25 03:24:45
nvd
nvd
CVE-2017-14919
2017-10-30 19:29:00
ibm
ibm
Security Bulletin: API Connect is affected by a Node.js denial of service vulnerability (CVE-2017-14919)
2018-06-15 07:08:52
Security Bulletin: Security vulnerability in IBM SDK for Node.js might affect IBM Business Process Manager (BPM) Configuration Editor (CVE-2017-14919)
2022-09-15 19:27:49
Security Bulletin: A security vulnerability has been identified in NodeJS shipped with IBM Cloud Schematics (CVE-2017-14919)
2018-06-17 22:33:37
alpinelinux
alpinelinux
CVE-2017-14919
2017-10-30 19:29:00
osv
osv
CVE-2017-14919
2017-10-30 19:29:00
ubuntucve
ubuntucve
CVE-2017-14919
2017-10-30 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: nodejs-6.11.5-1.fc26
2017-11-15 20:21:49
[SECURITY] Fedora 25 Update: nodejs-6.11.5-1.fc25
2017-11-07 23:41:49
nodejsblog
nodejsblog
DOS security vulnerability, October 2017
2017-10-24 00:00:00
nessus
nessus
FreeBSD : Node.js -- remote DOS security vulnerability (d7d1cc94-b971-11e7-af3a-f1035dd0da62)
2017-10-27 00:00:00
Fedora 25 : 1:nodejs (2017-c582c1e728)
2017-11-08 00:00:00
SUSE SLES12 Security Update : nodejs4 (SUSE-SU-2018:0002-1)
2019-01-02 00:00:00
freebsd
freebsd
Node.js -- remote DOS security vulnerability
2017-10-17 00:00:00
prion
prion
Code injection
2017-10-30 19:29:00
cve
cve
CVE-2017-14919
2017-10-30 19:29:00
checkpoint_advisories
checkpoint_advisories
Node.js Foundation Node.js zlib windowBits Denial of Service (CVE-2017-14919)
2018-05-14 00:00:00

0.071 Low

EPSS

Percentile

94.0%

JSON
Related for FA5F8263267AC6677A235806E81DF438CE428376F70E1DC63CE1722A4298CCD7
openvas5redhatcve1cvelist1debiancve1veracode1nvd1ibm5alpinelinux1osv1ubuntucve1fedora2nodejsblog1nessus6freebsd1prion1cve1checkpoint_advisories1