IBM Edge Application Manager 4.5 has resolved the vulnerability.
## Vulnerability Details
** IBM X-Force ID: **239925
** DESCRIPTION: **Apollo GraphQL Apollo Server is vulnerable to web cache poisoning, caused by improper handling of cache-control response header. By modifying HTTP request headers, an attacker could exploit this vulnerability to perform cache poisoning attacks.
CVSS Base score: 7.5
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/239925 ]() for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
## Affected Products and Versions
Affected Product(s)| Version(s)
IBM Edge Application Manager| 4.4
IBM Edge Application Manager| 4.3
The fix/upgrade is a set of docker images, that will automatically be pulled and deployed from both dockerhub and the IBM Entitled Registry.
## Workarounds and Mitigations
Back to Main