Vulnerabilites related to ibm - sdk
Vulnerability from fkie_nvd
Published
2020-02-03 17:15
Modified
2024-11-21 04:44
Severity ?
6.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Summary
IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/172618VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/1288060Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/172618VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/1288060Vendor Advisory
Impacted products
Vendor Product Version
ibm sdk *
ibm sdk *
ibm sdk *
microsoft windows -
ibm websphere_application_server 7.0
ibm websphere_application_server 8.0
ibm websphere_application_server 8.5
ibm websphere_application_server 9.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:sdk:*:*:*:*:java_technology:*:*:*",
              "matchCriteriaId": "8744D28C-4CBA-4777-89DC-8BBE1AD327A1",
              "versionEndIncluding": "7.0.10.55",
              "versionStartIncluding": "7.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sdk:*:*:*:*:java_technology:*:*:*",
              "matchCriteriaId": "8D4B39C8-9D08-41A6-9173-75FB13F597CF",
              "versionEndIncluding": "7.1.4.55",
              "versionStartIncluding": "7.1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sdk:*:*:*:*:java_technology:*:*:*",
              "matchCriteriaId": "05936C33-90D9-46B5-B5F5-52CC13595ABA",
              "versionEndIncluding": "8.0.6.0",
              "versionStartIncluding": "8.0.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0905C80-A1BA-49CD-90CA-9270ECC3940C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07EBB48B-4EE2-4333-851E-BA1B104FBE92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E30E8CE2-9137-4669-AE86-FB8ED0899736",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4F6F77C-2C0D-4A31-B2A0-DB1C4296FF5E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618."
    },
    {
      "lang": "es",
      "value": "IBM SDK, Java Technology Edition Versi\u00f3n versiones 7.0.0.0 hasta 7.0.10.55, versiones 7.1.0.0 hasta 7.1.4.55 y versiones 8.0.0.0 hasta 8.0.6.0, podr\u00edan permitir a un atacante autenticado local ejecutar c\u00f3digo arbitrario en el sistema, causado por una vulnerabilidad de secuestro del orden de b\u00fasqueda de DLL en el cliente de Microsoft Windows. Mediante la colocaci\u00f3n de un archivo especialmente dise\u00f1ado en una carpeta comprometida, un atacante podr\u00eda explotar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el sistema. ID de IBM X-Force: 172618."
    }
  ],
  "id": "CVE-2019-4732",
  "lastModified": "2024-11-21T04:44:04.300",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.6,
        "impactScore": 6.0,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.6,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-02-03T17:15:14.627",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172618"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/1288060"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172618"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/1288060"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-426"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-05-22 20:29
Modified
2025-04-20 01:37
Severity ?
8.2 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Summary
IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150.
References
psirt@us.ibm.comhttp://www.securityfocus.com/bid/98401Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://access.redhat.com/errata/RHSA-2017:1220
psirt@us.ibm.comhttps://access.redhat.com/errata/RHSA-2017:1221
psirt@us.ibm.comhttps://access.redhat.com/errata/RHSA-2017:1222
psirt@us.ibm.comhttps://access.redhat.com/errata/RHSA-2017:3453
psirt@us.ibm.comhttps://www.ibm.com/support/docview.wss?uid=swg22002169Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/98401Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1220
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1221
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:1222
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3453
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/docview.wss?uid=swg22002169Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm sdk *
ibm sdk *
ibm sdk *
ibm sdk *
ibm sdk *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:sdk:*:service_refresh_16_fp41:*:*:java_technology_edition:*:*:*",
              "matchCriteriaId": "CD06C8C9-F372-447B-BACF-FFF285FA752B",
              "versionEndIncluding": "6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sdk:*:service_refresh_8_fp41:*:*:java_technology_edition:*:*:*",
              "matchCriteriaId": "433DD25E-7F4E-4A13-B1C2-6D42E9C6F543",
              "versionEndIncluding": "6r1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sdk:*:service_refresh_10_fp1:*:*:java_technology_edition:*:*:*",
              "matchCriteriaId": "A5A902B3-8747-4185-BA40-F2F6E93340B0",
              "versionEndIncluding": "7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sdk:*:service_refresh_4_fp1:*:*:java_technology_edition:*:*:*",
              "matchCriteriaId": "7E1CBA89-77F9-4E73-B22C-D9B7566B0335",
              "versionEndIncluding": "7r1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sdk:*:service_refresh_4_fp2:*:*:java_technology_edition:*:*:*",
              "matchCriteriaId": "DA657C59-DF17-496C-B7CB-16F8A594430A",
              "versionEndIncluding": "8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150."
    },
    {
      "lang": "es",
      "value": "SDK de IBM, Java Technology Edition es vulnerable a un error de inyecci\u00f3n XML External Entity (XXE) al procesar datos XML. Un atacante remoto podr\u00eda explotar esta vulnerabilidad para exponer informaci\u00f3n altamente confidencial o consumir recursos de memoria. ID de IBM X-Force: 125150."
    }
  ],
  "id": "CVE-2017-1289",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-05-22T20:29:00.313",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98401"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://access.redhat.com/errata/RHSA-2017:1220"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://access.redhat.com/errata/RHSA-2017:1221"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://access.redhat.com/errata/RHSA-2017:1222"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=swg22002169"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/98401"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2017:1220"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2017:1221"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2017:1222"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2017:3453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=swg22002169"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-08-02 15:15
Modified
2024-11-21 07:21
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236069.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/236069VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/7017032Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/236069VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/7017032Vendor Advisory
Impacted products
Vendor Product Version
ibm sdk *
ibm sdk *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:sdk:*:*:*:*:java_technology:*:*:*",
              "matchCriteriaId": "3DB46437-1714-4E42-A63F-CA2415164CE9",
              "versionEndExcluding": "7.1.5.19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sdk:*:*:*:*:java_technology:*:*:*",
              "matchCriteriaId": "59973F35-EB35-4E62-A91A-1D6D0E2693EB",
              "versionEndExcluding": "8.0.8.5",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system.  IBM X-Force ID:  236069."
    },
    {
      "lang": "es",
      "value": "IBM SDK Java Technology Edition 7.1.5.18 y 8.0.8.0 podr\u00eda permitir a un atacante remoto ejecutar c\u00f3digo arbitrario en el sistema, debido a un fallo de deserializaci\u00f3n inseguro. Mediante el env\u00edo de datos especialmente dise\u00f1ados, un atacante podr\u00eda aprovechar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el sistema. ID de IBM X-Force: 236069. "
    }
  ],
  "id": "CVE-2022-40609",
  "lastModified": "2024-11-21T07:21:43.020",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-08-02T15:15:09.833",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/236069"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7017032"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/236069"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7017032"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-03-11 22:29
Modified
2024-11-21 04:00
Severity ?
5.6 (Medium) - CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 152081.
References
psirt@us.ibm.comhttp://www.securityfocus.com/bid/107448Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/152081VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/docview.wss?uid=ibm10873042Patch, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/docview.wss?uid=ibm10873332Patch, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/docview.wss?uid=ibm10874750Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/107448Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/152081VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/docview.wss?uid=ibm10873042Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/docview.wss?uid=ibm10873332Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/docview.wss?uid=ibm10874750Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm sdk 8.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:sdk:8.0:*:*:*:java_technology:*:*:*",
              "matchCriteriaId": "6DEFC54D-3C43-499D-8F5E-75A02E5A1DF2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 152081."
    },
    {
      "lang": "es",
      "value": "IBM SDK, Java Technology Edition, en su versi\u00f3n 8 en la plataforma AIX, utiliza RPATHS absolutas, lo que podr\u00eda facilitar una inyecci\u00f3n de c\u00f3digo y un escalado de privilegios por usuarios locales. IBM X-Force ID: 152081."
    }
  ],
  "id": "CVE-2018-1890",
  "lastModified": "2024-11-21T04:00:32.843",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "LOW",
          "baseScore": 5.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 1.4,
        "impactScore": 3.7,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-03-11T22:29:00.343",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107448"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152081"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10873042"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10873332"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10874750"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107448"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152081"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10873042"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10873332"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10874750"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-427"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-08-20 21:29
Modified
2024-11-21 04:00
Severity ?
7.4 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10719653Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/105118Third Party Advisory, VDB Entry
psirt@us.ibm.comhttp://www.securitytracker.com/id/1041765Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://access.redhat.com/errata/RHSA-2018:2568Third Party Advisory
psirt@us.ibm.comhttps://access.redhat.com/errata/RHSA-2018:2569Third Party Advisory
psirt@us.ibm.comhttps://access.redhat.com/errata/RHSA-2018:2575Third Party Advisory
psirt@us.ibm.comhttps://access.redhat.com/errata/RHSA-2018:2576Third Party Advisory
psirt@us.ibm.comhttps://access.redhat.com/errata/RHSA-2018:2712Third Party Advisory
psirt@us.ibm.comhttps://access.redhat.com/errata/RHSA-2018:2713Third Party Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/144882VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10719653Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/105118Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1041765Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2568Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2569Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2575Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2576Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2712Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2713Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/144882VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
ibm sdk 6.0
ibm sdk 7.0
ibm sdk 8.0
redhat satellite 5.6
redhat satellite 5.7
redhat satellite 5.8
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
oracle enterprise_manager_base_platform 13.2.0.0.0
oracle enterprise_manager_base_platform 13.3.0.0.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:sdk:6.0:*:*:*:java_technology:*:*:*",
              "matchCriteriaId": "EF02960B-E980-4103-B07B-32C1C7B08F05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sdk:7.0:*:*:*:java_technology:*:*:*",
              "matchCriteriaId": "D0A92203-4292-493C-831F-514D1E013F60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sdk:8.0:*:*:*:java_technology:*:*:*",
              "matchCriteriaId": "6DEFC54D-3C43-499D-8F5E-75A02E5A1DF2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4840254-CC76-4113-BC61-360BD15582B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "85EA16E0-9261-45C4-840F-5366E9EAC5E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F86C3C-B99C-44C6-97D7-163DC3F59687",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "459B4A5F-A6BD-4A1C-B6B7-C979F005EB70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDCE0E90-495E-4437-8529-3C36441FB69D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The IBM Java Runtime Environment\u0027s Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882."
    },
    {
      "lang": "es",
      "value": "Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0, 7.0 y 8.0) de IBM Java Runtime Environment no protege contra ataques de salto de directorio cuando se extraen archivos de volcado comprimidos. IBM X-Force ID: 144882."
    }
  ],
  "id": "CVE-2018-1656",
  "lastModified": "2024-11-21T04:00:08.967",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.0,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-08-20T21:29:01.293",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10719653"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105118"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041765"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2568"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2569"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2575"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2576"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2712"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2713"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144882"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10719653"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105118"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041765"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2568"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2569"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2575"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2576"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2712"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2713"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144882"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-07-02 14:59
Modified
2025-04-12 10:46
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers.
References
cve@mitre.orghttp://blog.npmjs.org/post/142036323955/fixing-a-bearer-token-vulnerabilityVendor Advisory
cve@mitre.orghttp://www-01.ibm.com/support/docview.wss?uid=swg21980827Vendor Advisory
cve@mitre.orghttps://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29Patch, Third Party Advisory
cve@mitre.orghttps://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401Patch, Third Party Advisory
cve@mitre.orghttps://github.com/npm/npm/issues/8380Third Party Advisory
cve@mitre.orghttps://nodejs.org/en/blog/vulnerability/npm-tokens-leak-march-2016/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://blog.npmjs.org/post/142036323955/fixing-a-bearer-token-vulnerabilityVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21980827Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/npm/npm/issues/8380Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://nodejs.org/en/blog/vulnerability/npm-tokens-leak-march-2016/Vendor Advisory
Impacted products
Vendor Product Version
ibm sdk *
ibm sdk *
ibm sdk *
nodejs node.js 0.10.0
nodejs node.js 0.10.1
nodejs node.js 0.10.2
nodejs node.js 0.10.3
nodejs node.js 0.10.4
nodejs node.js 0.10.5
nodejs node.js 0.10.6
nodejs node.js 0.10.7
nodejs node.js 0.10.8
nodejs node.js 0.10.9
nodejs node.js 0.10.10
nodejs node.js 0.10.11
nodejs node.js 0.10.12
nodejs node.js 0.10.13
nodejs node.js 0.10.14
nodejs node.js 0.10.15
nodejs node.js 0.10.16
nodejs node.js 0.10.16-isaacs-manual
nodejs node.js 0.10.17
nodejs node.js 0.10.18
nodejs node.js 0.10.19
nodejs node.js 0.10.20
nodejs node.js 0.10.21
nodejs node.js 0.10.22
nodejs node.js 0.10.23
nodejs node.js 0.10.24
nodejs node.js 0.10.25
nodejs node.js 0.10.26
nodejs node.js 0.10.27
nodejs node.js 0.10.28
nodejs node.js 0.10.29
nodejs node.js 0.10.30
nodejs node.js 0.10.31
nodejs node.js 0.10.32
nodejs node.js 0.10.33
nodejs node.js 0.10.34
nodejs node.js 0.10.35
nodejs node.js 0.10.36
nodejs node.js 0.10.37
nodejs node.js 0.10.38
nodejs node.js 0.10.39
nodejs node.js 0.10.40
nodejs node.js 0.10.41
nodejs node.js 0.12.0
nodejs node.js 0.12.1
nodejs node.js 0.12.2
nodejs node.js 0.12.3
nodejs node.js 0.12.4
nodejs node.js 0.12.5
nodejs node.js 0.12.6
nodejs node.js 0.12.7
nodejs node.js 0.12.8
nodejs node.js 0.12.9
nodejs node.js 4.0.0
nodejs node.js 4.1.0
nodejs node.js 4.1.1
nodejs node.js 4.1.2
nodejs node.js 4.2.0
nodejs node.js 4.2.1
nodejs node.js 4.2.2
nodejs node.js 4.2.3
nodejs node.js 4.2.4
nodejs node.js 4.2.5
nodejs node.js 4.2.6
nodejs node.js 4.3.0
nodejs node.js 4.3.1
nodejs node.js 4.3.1
nodejs node.js 4.3.1
nodejs node.js 4.3.2
nodejs node.js 4.4.0
nodejs node.js 4.4.0
nodejs node.js 4.4.0
nodejs node.js 4.4.0
nodejs node.js 4.4.0
nodejs node.js 4.4.1
nodejs node.js 5.0.0
nodejs node.js 5.1.0
nodejs node.js 5.1.1
nodejs node.js 5.2.0
nodejs node.js 5.3.0
nodejs node.js 5.4.0
nodejs node.js 5.4.1
nodejs node.js 5.5.0
nodejs node.js 5.6.0
nodejs node.js 5.7.0
nodejs node.js 5.7.1
nodejs node.js 5.8.0
nodejs node.js 5.8.1
nodejs node.js 5.9.0
nodejs node.js 5.9.1
npmjs npm *
npmjs npm *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:sdk:*:*:*:*:*:nodejs:*:*",
              "matchCriteriaId": "F581B2CF-A05C-4ABB-9042-A34085A546D4",
              "versionEndIncluding": "1.1.0.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sdk:*:*:*:*:*:nodejs:*:*",
              "matchCriteriaId": "748ABD64-797B-422E-A456-0A97AD24F29B",
              "versionEndIncluding": "1.2.0.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:sdk:*:*:*:*:*:nodejs:*:*",
              "matchCriteriaId": "3B824DD1-B652-47FF-B934-3C7A59DDF5DF",
              "versionEndIncluding": "4.4.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF2E637C-EA49-4DB6-B4D5-B4684A9549C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1966CED-11A1-4328-A57E-308BE5E4CCD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9F46AD2-BB74-4391-8A4F-7BE49EF41F0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC36E36A-9592-49DA-AACE-B3638FC55F4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B98E9F42-08BC-49B5-90C8-AC3EA7960C45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABA37EF5-DF97-467B-9A56-1611345387FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F0BD0C1-2294-4AFB-B4AE-C81576FB9AFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "4057D560-81EE-49ED-888C-89560DBE3348",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F87810E1-BDAD-455D-82E3-334CC102AB2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BC00B3A-3C9D-4487-9686-775CBAA1CC42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C0A4F5B-4546-414C-A209-07C27ED1C944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2515087F-B272-4B76-99F4-ACA0C2460046",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C7016DE-A3A5-450B-9FBD-2C98A07FF3C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C1848A7-E68E-4CB4-B73C-C5200ABAC9DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "59F861AB-574A-41BF-8E2D-6440B35C2AA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "41C8CEF8-49E1-4CB0-837B-E85C76BF9DF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C7101A5-FDC9-4897-B8E8-6A07790D42A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.16-isaacs-manual:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7776F01-29AC-4161-9C91-C7392C6A356E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CADD766-8328-4669-BE66-A4757D5FB471",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD9792E9-2593-46B4-9633-E2F2DB11106B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF209248-8921-419A-86EB-30E7095E4514",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C0D6C34-E046-40BD-907D-0E2510C09A14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5CBB83F-19AD-44BD-B7D4-19C1A8F80011",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6E2EA97-156D-4870-8967-78E4ED6EF64F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "54961BCA-8730-4B40-8385-41F6D65797F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "B22FA598-E613-4652-92CD-237F749D13DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4F321AF-FCC7-456D-AFE2-2CEF9CBAFCC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "18F2EC65-2A47-4C45-8D58-63D18443B767",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0517A28-70F9-4947-BEF0-9CC645388BFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5DD5BBD-922E-4026-9DEC-98CF9411CE95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "63E078BA-8BDC-47EB-84B9-09B785FD1213",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B9971A7-1C18-43C0-97BC-27096609EFC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EA5107B-4347-4D43-ADA6-141527A40333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.32:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C679CFA-50D4-430B-B372-113CE236EACC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.33:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7AA6FEE-C630-4545-BCCF-3C211461C6C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.34:*:*:*:*:*:*:*",
              "matchCriteriaId": "682E8A32-1F1E-4427-BAD8-58596F85F170",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.35:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9827EF0-E340-4A75-9735-F20CDF09CA42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C02C09-D738-45B1-BF6F-A4499E5F8D60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE85CACC-842F-46C7-966D-48E866055A5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.38:*:*:*:*:*:*:*",
              "matchCriteriaId": "771BCA5F-B762-4569-AB46-08A13A4EFD5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.39:*:*:*:*:*:*:*",
              "matchCriteriaId": "21E05024-3647-456D-A731-D19411FED2DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "89929EB1-D723-496B-A7C6-4B4CD9C176B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.10.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3EA4652-EF0E-414C-AEB8-AEFE788B66A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC9002F9-87C4-4C7F-9BD9-430EB15CD4BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "21EF734D-9E6B-4E01-9AFE-C0B847D583A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "12606C39-6F39-4DDF-9B36-A160875B265F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC4D8789-33C3-498A-857D-CC6576732C31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "466E8851-6BE7-4716-AB16-3E985411C35C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.12.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5C4DB21-F35A-4567-8B04-85DB3089CDF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.12.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA7E7436-117A-4F79-BA7A-2A0059BB9694",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.12.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "037511C2-3FA9-4A4C-996B-A1462C221DA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.12.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "65EEB1B9-2E75-46F4-B70C-94991D38B427",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:0.12.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E5C5750-10F3-45D7-AC9B-7EA06F4B3887",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0390D600-532D-4675-95BB-10EC4E06F3E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "35AAF7CD-9AE6-4A4B-858E-4B17031BD058",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DCB6010-AC31-4B61-9DA6-E119ADC5D70B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5364365-36F1-49C0-BF8D-2D5054BC7B1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0740684D-989A-4957-8AC1-AAB01A04E393",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "08C97202-6AEC-4B8D-B3F6-49F6AEF9CFD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFA073A-9AC2-4162-9DDA-B6CD0AE53D3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:4.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F8FD4B3-D515-486A-94A3-29CBDA2E25CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:4.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "55E18631-9502-42CC-A85A-EA5742FDC317",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:4.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CCBC213-1524-4C88-9EB3-52E003070A3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:4.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C928FB55-2F33-4458-8484-4010AE8883A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:4.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CEEFA5F-2B32-4CA0-84AD-E0ECA0F81078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:4.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4754B0A8-A7D7-41A1-BFE5-10D84E7CEC1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:4.3.1:rc.1:*:*:*:*:*:*",
              "matchCriteriaId": "5545EA7D-77F3-439B-B524-E126E38FC0EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:4.3.1:rc.2:*:*:*:*:*:*",
              "matchCriteriaId": "375D5E3C-4ED5-4BA2-868D-83DC64DA0293",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:4.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D132104E-163C-47EE-B247-578D64AC88D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:4.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E208FB1-A772-4002-BD56-3360BDDFEF37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:4.4.0:rc.1:*:*:*:*:*:*",
              "matchCriteriaId": "C357BFEF-5156-4254-97D9-0D9CE98505BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:4.4.0:rc.2:*:*:*:*:*:*",
              "matchCriteriaId": "8EC465B1-1FE1-4BCA-8754-C55B94947140",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:4.4.0:rc.3:*:*:*:*:*:*",
              "matchCriteriaId": "3E702637-0A91-4572-9932-529837214667",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:4.4.0:rc.4:*:*:*:*:*:*",
              "matchCriteriaId": "EBAD975C-7A68-48B3-83CE-6876D92B1A0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:4.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "14BE6C0B-E6EC-4CD2-912B-45DE9F94BA59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "64F7E56E-CA65-47C3-9ADA-F13A834D3961",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "183A5888-01C5-4977-9C66-1467FFA6D457",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F811E8BB-F1C8-43BE-BEAD-FC4FE122ABEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEDE8D29-7C15-44D1-8D5C-0E438D9DE029",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DCA3C10-FB37-4256-812A-EB8A3A095E6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:5.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "54197CC5-9C7D-4DCE-A60F-625DE246E5A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:5.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6173A6E4-F472-46CF-9762-6F3CAAFD9C3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:5.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4C25A52-E3C0-4429-AB96-1E33523E51D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:5.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "590070D6-198A-456E-A55D-D0B06DD3FF8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:5.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46FCC5E2-1106-4153-B8C6-5E9594735529",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:5.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "56778D45-8B99-406D-BE97-034D3A29F32E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:5.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0C7E2F2-8C41-4F3B-848A-144DCA30FC69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:5.8.1:rc.1:*:*:*:*:*:*",
              "matchCriteriaId": "22969DF2-6A8A-4483-9EEF-65DEE6A945E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:5.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11778EAE-5DCD-4D4E-807B-FD3C0DC47BE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:5.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C203335-0CB9-4B38-80C1-344607FFAE29",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:npmjs:npm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "06A529ED-154E-40BA-86B3-297613BBD237",
              "versionEndExcluding": "2.15.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:npmjs:npm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B884EB02-113D-4867-BC74-CEA49F19142F",
              "versionEndExcluding": "3.8.3",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers."
    },
    {
      "lang": "es",
      "value": "La CLI en npm en versiones anteriores a 2.15.1 y 3.x en versiones anteriores a 3.8.3, tal como se utiliza en Node.js 0.10 en versiones anteriores a 0.10.44, 0.12 en versiones anteriores a 0.12.13, 4 en versiones anteriores a 4.4.2 y 5 en versiones anteriores a 5.10.0, incluye tokens portadores con peticiones arbitrarias, lo que permite a servidores HTTP remotos obtener informaci\u00f3n sensible leyendo cabeceras de autorizaci\u00f3n."
    }
  ],
  "id": "CVE-2016-3956",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-07-02T14:59:19.417",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://blog.npmjs.org/post/142036323955/fixing-a-bearer-token-vulnerability"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980827"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/npm/npm/issues/8380"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://nodejs.org/en/blog/vulnerability/npm-tokens-leak-march-2016/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://blog.npmjs.org/post/142036323955/fixing-a-bearer-token-vulnerability"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980827"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/npm/npm/issues/8380"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://nodejs.org/en/blog/vulnerability/npm-tokens-leak-march-2016/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2017-1289 (GCVE-0-2017-1289)
Vulnerability from cvelistv5
Published
2017-05-22 20:00
Modified
2024-08-05 13:32
Severity ?
CWE
  • Obtain Information
Summary
IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150.
References
https://access.redhat.com/errata/RHSA-2017:1221 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1220 vendor-advisory, x_refsource_REDHAT
https://www.ibm.com/support/docview.wss?uid=swg22002169 x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:1222 vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/98401 vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2017:3453 vendor-advisory, x_refsource_REDHAT
Impacted products
Vendor Product Version
IBM Corporation Runtimes for Java Technology Version: 6.0, 6.1, 7.0, 7.1, 8.0
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:27.879Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2017:1221",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1221"
          },
          {
            "name": "RHSA-2017:1220",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1220"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=swg22002169"
          },
          {
            "name": "RHSA-2017:1222",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:1222"
          },
          {
            "name": "98401",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/98401"
          },
          {
            "name": "RHSA-2017:3453",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3453"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Runtimes for Java Technology",
          "vendor": "IBM Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "6.0, 6.1, 7.0, 7.1, 8.0"
            }
          ]
        }
      ],
      "datePublic": "2017-05-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Obtain Information",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-04T19:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "RHSA-2017:1221",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1221"
        },
        {
          "name": "RHSA-2017:1220",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1220"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=swg22002169"
        },
        {
          "name": "RHSA-2017:1222",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:1222"
        },
        {
          "name": "98401",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/98401"
        },
        {
          "name": "RHSA-2017:3453",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3453"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2017-1289",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Runtimes for Java Technology",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0, 6.1, 7.0, 7.1, 8.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM SDK, Java Technology Edition is vulnerable XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 125150."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Obtain Information"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2017:1221",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1221"
            },
            {
              "name": "RHSA-2017:1220",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1220"
            },
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=swg22002169",
              "refsource": "CONFIRM",
              "url": "https://www.ibm.com/support/docview.wss?uid=swg22002169"
            },
            {
              "name": "RHSA-2017:1222",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:1222"
            },
            {
              "name": "98401",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/98401"
            },
            {
              "name": "RHSA-2017:3453",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3453"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1289",
    "datePublished": "2017-05-22T20:00:00",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-08-05T13:32:27.879Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-4732 (GCVE-0-2019-4732)
Vulnerability from cvelistv5
Published
2020-02-03 16:45
Modified
2024-09-16 22:09
Severity ?
7.2 (High) - CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
CWE
  • Gain Privileges
Summary
IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618.
References
Impacted products
Vendor Product Version
IBM Java Version: 7.0.0.0
Version: 7.1.0.0
Version: 8.0.0.0
Version: 7.0.10.55
Version: 7.1.4.55
Version: 8.0.6.0
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:40:48.965Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/1288060"
          },
          {
            "name": "ibm-sdk-cve20194732-code-exec (172618)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172618"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Java",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0.0.0"
            },
            {
              "status": "affected",
              "version": "7.1.0.0"
            },
            {
              "status": "affected",
              "version": "8.0.0.0"
            },
            {
              "status": "affected",
              "version": "7.0.10.55"
            },
            {
              "status": "affected",
              "version": "7.1.4.55"
            },
            {
              "status": "affected",
              "version": "8.0.6.0"
            }
          ]
        }
      ],
      "datePublic": "2020-01-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 6.3,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AC:H/AV:L/PR:H/I:H/C:H/A:H/S:C/UI:R/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-03T16:45:18",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/1288060"
        },
        {
          "name": "ibm-sdk-cve20194732-code-exec (172618)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172618"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2020-01-31T00:00:00",
          "ID": "CVE-2019-4732",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Java",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0.0.0"
                          },
                          {
                            "version_value": "7.1.0.0"
                          },
                          {
                            "version_value": "8.0.0.0"
                          },
                          {
                            "version_value": "7.0.10.55"
                          },
                          {
                            "version_value": "7.1.4.55"
                          },
                          {
                            "version_value": "8.0.6.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM SDK, Java Technology Edition Version 7.0.0.0 through 7.0.10.55, 7.1.0.0 through 7.1.4.55, and 8.0.0.0 through 8.0.6.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially-crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 172618."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "H",
              "AC": "H",
              "AV": "L",
              "C": "H",
              "I": "H",
              "PR": "H",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/1288060",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 1288060 (Java)",
              "url": "https://www.ibm.com/support/pages/node/1288060"
            },
            {
              "name": "ibm-sdk-cve20194732-code-exec (172618)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/172618"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4732",
    "datePublished": "2020-02-03T16:45:18.286953Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-16T22:09:29.963Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1656 (GCVE-0-2018-1656)
Vulnerability from cvelistv5
Published
2018-08-20 21:00
Modified
2024-09-16 18:09
Severity ?
7.4 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C
CWE
  • File Manipulation
Summary
The IBM Java Runtime Environment's Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882.
References
Impacted products
Vendor Product Version
IBM SDK, Java Technology Edition Version: 6.0
Version: 7.0
Version: 8.0
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:07:44.103Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10719653"
          },
          {
            "name": "ibm-java-cve20181656-file-overwrite(144882)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144882"
          },
          {
            "name": "RHSA-2018:2713",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2713"
          },
          {
            "name": "105118",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105118"
          },
          {
            "name": "RHSA-2018:2575",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2575"
          },
          {
            "name": "RHSA-2018:2576",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2576"
          },
          {
            "name": "RHSA-2018:2568",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2568"
          },
          {
            "name": "RHSA-2018:2569",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2569"
          },
          {
            "name": "RHSA-2018:2712",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2712"
          },
          {
            "name": "1041765",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041765"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SDK, Java Technology Edition",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "6.0"
            },
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "8.0"
            }
          ]
        }
      ],
      "datePublic": "2018-08-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The IBM Java Runtime Environment\u0027s Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 6.4,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/A:N/AC:L/AV:N/C:N/I:H/PR:N/S:C/UI:R/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "File Manipulation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-23T19:08:20",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10719653"
        },
        {
          "name": "ibm-java-cve20181656-file-overwrite(144882)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144882"
        },
        {
          "name": "RHSA-2018:2713",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2713"
        },
        {
          "name": "105118",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105118"
        },
        {
          "name": "RHSA-2018:2575",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2575"
        },
        {
          "name": "RHSA-2018:2576",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2576"
        },
        {
          "name": "RHSA-2018:2568",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2568"
        },
        {
          "name": "RHSA-2018:2569",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2569"
        },
        {
          "name": "RHSA-2018:2712",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2712"
        },
        {
          "name": "1041765",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041765"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2018-08-16T00:00:00",
          "ID": "CVE-2018-1656",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SDK, Java Technology Edition",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "6.0"
                          },
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "8.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The IBM Java Runtime Environment\u0027s Diagnostic Tooling Framework for Java (DTFJ) (IBM SDK, Java Technology Edition 6.0 , 7.0, and 8.0) does not protect against path traversal attacks when extracting compressed dump files. IBM X-Force ID: 144882."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "N",
              "AC": "L",
              "AV": "N",
              "C": "N",
              "I": "H",
              "PR": "N",
              "S": "C",
              "UI": "R"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "File Manipulation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10719653",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10719653"
            },
            {
              "name": "ibm-java-cve20181656-file-overwrite(144882)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144882"
            },
            {
              "name": "RHSA-2018:2713",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2713"
            },
            {
              "name": "105118",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105118"
            },
            {
              "name": "RHSA-2018:2575",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2575"
            },
            {
              "name": "RHSA-2018:2576",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2576"
            },
            {
              "name": "RHSA-2018:2568",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2568"
            },
            {
              "name": "RHSA-2018:2569",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2569"
            },
            {
              "name": "RHSA-2018:2712",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2712"
            },
            {
              "name": "1041765",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041765"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1656",
    "datePublished": "2018-08-20T21:00:00Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-16T18:09:14.892Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2016-3956 (GCVE-0-2016-3956)
Vulnerability from cvelistv5
Published
2016-07-02 14:00
Modified
2024-08-06 00:10
Severity ?
CWE
  • n/a
Summary
The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T00:10:31.975Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/npm/npm/issues/8380"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980827"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blog.npmjs.org/post/142036323955/fixing-a-bearer-token-vulnerability"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://nodejs.org/en/blog/vulnerability/npm-tokens-leak-march-2016/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-07-02T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/npm/npm/issues/8380"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980827"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blog.npmjs.org/post/142036323955/fixing-a-bearer-token-vulnerability"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://nodejs.org/en/blog/vulnerability/npm-tokens-leak-march-2016/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-3956",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js 0.10 before 0.10.44, 0.12 before 0.12.13, 4 before 4.4.2, and 5 before 5.10.0, includes bearer tokens with arbitrary requests, which allows remote HTTP servers to obtain sensitive information by reading Authorization headers."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/npm/npm/issues/8380",
              "refsource": "CONFIRM",
              "url": "https://github.com/npm/npm/issues/8380"
            },
            {
              "name": "https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29",
              "refsource": "CONFIRM",
              "url": "https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21980827",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21980827"
            },
            {
              "name": "https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401",
              "refsource": "CONFIRM",
              "url": "https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401"
            },
            {
              "name": "http://blog.npmjs.org/post/142036323955/fixing-a-bearer-token-vulnerability",
              "refsource": "CONFIRM",
              "url": "http://blog.npmjs.org/post/142036323955/fixing-a-bearer-token-vulnerability"
            },
            {
              "name": "https://nodejs.org/en/blog/vulnerability/npm-tokens-leak-march-2016/",
              "refsource": "CONFIRM",
              "url": "https://nodejs.org/en/blog/vulnerability/npm-tokens-leak-march-2016/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-3956",
    "datePublished": "2016-07-02T14:00:00",
    "dateReserved": "2016-04-05T00:00:00",
    "dateUpdated": "2024-08-06T00:10:31.975Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-40609 (GCVE-0-2022-40609)
Vulnerability from cvelistv5
Published
2023-08-02 14:21
Modified
2024-10-17 18:51
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-502 - Deserialization of Untrusted Data
Summary
IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236069.
References
Impacted products
Vendor Product Version
IBM SDK, Java Technology Edition Version: 7.1.5.18, 8.0.8.0
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:21:46.488Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/7017032"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/236069"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-40609",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-17T18:51:14.953658Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-17T18:51:39.988Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SDK, Java Technology Edition",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.1.5.18, 8.0.8.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system.  IBM X-Force ID:  236069."
            }
          ],
          "value": "IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system.  IBM X-Force ID:  236069."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502 Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-02T14:21:51.701Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7017032"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/236069"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM SDK, Java Technology Edition code execution",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2022-40609",
    "datePublished": "2023-08-02T14:21:51.701Z",
    "dateReserved": "2022-09-12T19:35:30.248Z",
    "dateUpdated": "2024-10-17T18:51:39.988Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1890 (GCVE-0-2018-1890)
Vulnerability from cvelistv5
Published
2019-03-11 22:00
Modified
2025-02-13 16:27
Severity ?
5.6 (Medium) - CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C
CWE
  • Gain Privileges
Summary
IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 152081.
References
Impacted products
Vendor Product Version
IBM WebSphere Application Server Patterns Version: 1.0.0.0
Version: 1.0.0.7
Version: 2.2.0.0
Version: 2.2.5.3
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:14:38.919Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-sdk-cve20181890-code-exec(152081)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152081"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10873042"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10873332"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=ibm10874750"
          },
          {
            "name": "107448",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107448"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WebSphere Application Server Patterns",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "1.0.0.0"
            },
            {
              "status": "affected",
              "version": "1.0.0.7"
            },
            {
              "status": "affected",
              "version": "2.2.0.0"
            },
            {
              "status": "affected",
              "version": "2.2.5.3"
            }
          ]
        },
        {
          "product": "WebSphere Application Server",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "7.0"
            },
            {
              "status": "affected",
              "version": "8.0"
            },
            {
              "status": "affected",
              "version": "8.5"
            },
            {
              "status": "affected",
              "version": "9.0"
            },
            {
              "status": "affected",
              "version": "Liberty"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Runtimes for Java Technology",
          "vendor": "IBM"
        }
      ],
      "datePublic": "2019-03-01T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 152081."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 4.9,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:L/AC:H/AV:L/C:L/I:L/PR:N/S:C/UI:N/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-05T03:01:03.000Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ibm-sdk-cve20181890-code-exec(152081)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152081"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=ibm10873042"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=ibm10873332"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=ibm10874750"
        },
        {
          "name": "107448",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107448"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-03-01T00:00:00",
          "ID": "CVE-2018-1890",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "WebSphere Application Server Patterns",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.0.0.0"
                          },
                          {
                            "version_value": "1.0.0.7"
                          },
                          {
                            "version_value": "2.2.0.0"
                          },
                          {
                            "version_value": "2.2.5.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "WebSphere Application Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.0"
                          },
                          {
                            "version_value": "8.0"
                          },
                          {
                            "version_value": "8.5"
                          },
                          {
                            "version_value": "9.0"
                          },
                          {
                            "version_value": "Liberty"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Runtimes for Java Technology",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM SDK, Java Technology Edition Version 8 on the AIX platform uses absolute RPATHs which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 152081."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "L",
              "AC": "H",
              "AV": "L",
              "C": "L",
              "I": "L",
              "PR": "N",
              "S": "C",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-sdk-cve20181890-code-exec(152081)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152081"
            },
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=ibm10873042",
              "refsource": "CONFIRM",
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10873042"
            },
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=ibm10873332",
              "refsource": "CONFIRM",
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10873332"
            },
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=ibm10874750",
              "refsource": "CONFIRM",
              "url": "https://www.ibm.com/support/docview.wss?uid=ibm10874750"
            },
            {
              "name": "107448",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107448"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1890",
    "datePublished": "2019-03-11T22:00:00.000Z",
    "dateReserved": "2017-12-13T00:00:00.000Z",
    "dateUpdated": "2025-02-13T16:27:18.602Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}