Security Bulletin: Open Source Dependency Vulnerability
Discription

## Summary

IBM Edge Application Manager 4.5 has resolved the vulnerability.

## Vulnerability Details

** IBM X-Force ID: **239925
** DESCRIPTION: **Apollo GraphQL Apollo Server is vulnerable to web cache poisoning, caused by improper handling of cache-control response header. By modifying HTTP request headers, an attacker could exploit this vulnerability to perform cache poisoning attacks.
CVSS Base score: 7.5
CVSS Temporal Score: See: [https://exchange.xforce.ibmcloud.com/vulnerabilities/239925 ]() for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

## Affected Products and Versions

Affected Product(s)| Version(s)
—|—
IBM Edge Application Manager| 4.4
IBM Edge Application Manager| 4.3

## Remediation/Fixes

The fix/upgrade is a set of docker images, that will automatically be pulled and deployed from both dockerhub and the IBM Entitled Registry.

## Workarounds and Mitigations

None

##Read More

Back to Main

Subscribe for the latest news: