Security Bulletin: Multiple Vulnerabilities in IBM Edge Application Manager.
Discription

image
Summary Multiple vulnerabilities were addressed in IBM Edge Application Manager 4.5.9. Vulnerability Details CVEID:CVE-2024-51744 DESCRIPTION: golang-jwt jwt-go could allow a remote attacker to obtain sensitive information, caused by improper error handling in ParseWithClaims. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. CWE:CWE-755: Improper Handling of Exceptional Conditions CVSS Source: IBM X-Force CVSS Base score: 3.1 CVSS Vector:(CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N) CVEID:CVE-2024-21536 DESCRIPTION: http-proxy-middleware is vulnerable to a denial of service, caused by an UnhandledPromiseRejection error thrown by micromatch. By sending specially crafted requests to certain paths, a remote attacker could exploit this vulnerability to kill the Node.js process and crash the server. CWE:CWE-400: Uncontrolled Resource Consumption CVSS Source: IBM X-Force CVSS Base score: 7.5 CVSS Vector:(CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVEID:CVE-2024-52798 DESCRIPTION: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgrade to 0.1.12. This vulnerability exists because of an…Read More

Back to Main

Subscribe for the latest news: