Vulnerability Name:

CVE-2020-5258 (CCN-177751)

Assigned:2020-03-10
Published:2020-03-10
Updated:2022-07-25
Summary:In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. This has been patched in versions 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2
CVSS v3 Severity:7.7 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N)
6.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): None
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Complete
Availibility (A): None
Vulnerability Type:CWE-94
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2020-5258

Source: CCN
Type: Red Hat Bugzilla – Bug 1812404
(CVE-2020-5258) - CVE-2020-5258 dojo: Prototype pollution in deepCopy method could result in code injection

Source: XF
Type: UNKNOWN
dojo-cve20205258-code-injection(177751)

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/dojo/dojo/commit/20a00afb68f5587946dc76fbeaa68c39bda2171d

Source: CCN
Type: dojo GIT Repository
Prototype pollution

Source: CONFIRM
Type: Exploit, Third Party Advisory
https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2

Source: MLIST
Type: Mailing List, Third Party Advisory
[qpid-users] 20210314 Re: Addressing CVE-2020-5258 in Qpid Broker-J

Source: MLIST
Type: Mailing List, Third Party Advisory
[qpid-users] 20210318 Re: Addressing CVE-2020-5258 in Qpid Broker-J

Source: MLIST
Type: Mailing List, Third Party Advisory
[qpid-users] 20210309 Addressing CVE-2020-5258 in Qpid Broker-J

Source: CCN
Type: Debian Mailing list, Thu, 12 Mar 2020 00:44:41 +0530
[SECURITY] [DLA 2139-1] dojo security update

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20200311 [SECURITY] [DLA 2139-1] dojo security update

Source: CCN
Type: IBM Security Bulletin 6212199 (DataPower Gateway)
IBM DataPower Gateway affected by multiple vulnerabilities in Dojo

Source: CCN
Type: IBM Security Bulletin 6221682 (Spectrum Protect Operations Center)
Vulnerabilities in Dojo affect IBM Spectrum Protect Operations Center (CVE-2020-5259, CVE-2020-5258)

Source: CCN
Type: IBM Security Bulletin 6241366 (Tivoli Netcool Impact)
IBM Tivoli Netcool Impact is affected by IBM Dojo Toolkit vulnerabilities (CVE-2020-5258, CVE-2020-5259)

Source: CCN
Type: IBM Security Bulletin 6243498 (Content Navigator)
IBM Content Navigator is vulnerable to a Prototype Pollution vulnerability

Source: CCN
Type: IBM Security Bulletin 6245414 (Spectrum Protect Snapshot for VMware)
Vulnerabilities in Dojo affect IBM Spectrum Protect Snapshot for VMware (CVE-2020-5259, CVE-2020-5258)

Source: CCN
Type: IBM Security Bulletin 6245418 (Spectrum Protect for Virtual Environments Data Protection forVmware)
Vulnerabilities in Dojo affect IBM Spectrum Protect for Virtual Environments (CVE-2020-5259, CVE-2020-5258)

Source: CCN
Type: IBM Security Bulletin 6412297 (Business Automation Workflow)
Multiple vulnerabilities in dojo may affect IBM Business Automation Workflow and IBM Business Process Manager (BPM)

Source: CCN
Type: IBM Security Bulletin 6412345 (Cloud Pak for Automation)
Multiple vulnerabilities affect IBM Cloud Pak for Automation

Source: CCN
Type: IBM Security Bulletin 6443101 (WebSphere Application Server)
Vulnerability in Dojo affects WebSphere Application Server (CVE-2020-5258)

Source: CCN
Type: IBM Security Bulletin 6443575 (Financial Transaction Manager)
Financial Transaction Manager for Corporate Payment Services is affected by a potential code injection vulnerability (CVE-2020-5268)

Source: CCN
Type: IBM Security Bulletin 6450379 (Financial Transaction Manager)
Vulnerability in WebSphere Application Server Liberty affects IBM Financial Transaction Manager for Digital Payments for RedHat OpenShift (CVE-2020-5258)

Source: CCN
Type: IBM Security Bulletin 6450387 (Financial Transaction Manager)
Vulnerability in WebSphere Application Server Liberty affects IBM Financial Transaction Manager for Interac e-Transfers for Red Hat OpenShift (CVE-2020-5258)

Source: CCN
Type: IBM Security Bulletin 6451569 (Financial Transaction Manager)
Vulnerability in WebSphere Application Server Liberty affects IBM Financial Transaction Manager for RedHat OpenShift (CVE-2020-5258)

Source: CCN
Type: IBM Security Bulletin 6452161 (Cloud Orchestrator)
Vulnerabilities in WebSphere Application Server affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise

Source: CCN
Type: IBM Security Bulletin 6454803 (Spectrum Control)
Vulnerabilities in XStream, Java, OpenSSL, WebSphere Application Server Liberty and Node.js affect IBM Spectrum Control

Source: CCN
Type: IBM Security Bulletin 6455281 (Security Guardium)
IBM Security Guardium is affected by multiple vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6455951 (Tivoli Application Dependency Discovery Manager)
Information disclosure vulnerability in WebSphere Application Server Liberty

Source: CCN
Type: IBM Security Bulletin 6457785 (Content Collector for Email)
Embedded WebSphere Application Server is affected by vulnerability in Dojo, which affects Content Collector for Email

Source: CCN
Type: IBM Security Bulletin 6465585 (IoT MessageSight)
A vulnerability in IBM WebSphere Liberty affects IBM WIoTP MessageGateway

Source: CCN
Type: IBM Security Bulletin 6465937 (InfoSphere Master Data Management)
Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM InfoSphere Master Data Management

Source: CCN
Type: IBM Security Bulletin 6466327 (Cloud Transformation Advisor)
IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2020-5258)

Source: CCN
Type: IBM Security Bulletin 6467161 (Rational Asset Analyzer)
Security Bulletin: Rational Asset Analyzer is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2020-5258)

Source: CCN
Type: IBM Security Bulletin 6467555 (Tivoli Netcool/OMNIbus)
Multiple vulnerabilities in open source libraries affects Tivoli Netcool/OMNIbus WebGUI

Source: CCN
Type: IBM Security Bulletin 6471655 (Tivoli Monitoring)
Multiple vulnerabilities affect IBM Tivoli Monitoring installed WebSphere Application Server

Source: CCN
Type: IBM Security Bulletin 6471895 (Security Verify Access Docker)
Multiple Security vulnerabilities have been fixed in the IBM Security Verify Access Docker container

Source: CCN
Type: IBM Security Bulletin 6471953 (Common Licensing)
Multiple Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM LKS Administration and Reporting Tool and its Agent

Source: CCN
Type: IBM Security Bulletin 6472721 (SPSS Collaboration and Deployment Services)
Dojo vulnerability in WebSphere Liberty affects Collaboration and Deployment Services (CVE-2020-5258)

Source: CCN
Type: IBM Security Bulletin 6476204 (Spectrum Scale)
A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale.

Source: CCN
Type: IBM Security Bulletin 6476208 (Elastic Storage Server)
A vulnerability in IBM WebSphere Application Server Liberty affects IBM Elastic Storage System (CVE-2020-5258)

Source: CCN
Type: IBM Security Bulletin 6477552 (Curam SPM)
Vulnerability in Dojo may affect Curam Social Program Management (CVE-2020-5258)

Source: CCN
Type: IBM Security Bulletin 6479341 (Workload Scheduler)
Vulnerability in Dojo affects WebSphere Application Server (CVE-2020-5258)

Source: CCN
Type: IBM Security Bulletin 6486351 (Cloud Private)
IBM Cloud Private is vulnerable to Dojo vulnerabilities (CVE-2020-5258)

Source: CCN
Type: IBM Security Bulletin 6497449 (Elastic Storage Server)
A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2020-5258)

Source: CCN
Type: IBM Security Bulletin 6611967 (Cloud Pak for Automation)
Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for July 2022

Source: CCN
Type: IBM Security Bulletin 6962117 (Financial Transaction Manager)
Financial Transaction Manager for Digital Payments, High Value Payments and Corporate Payment Services are impacted by multiple vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 6963652 (Sterling B2B Integrator)
EBICs client of IBM Sterling B2B Integrator vulnerable to multiple issues due to Dojo Toolkit

Source: CCN
Type: IBM Security Bulletin 7008939 (Security Verify Governance)
Multiple vulnerabilities fixed in IBM Security Verify Governance - Identity Manager Virtual Appliance

Source: N/A
Type: Patch, Third Party Advisory
N/A

Source: CCN
Type: Oracle CPUJan2022
Oracle Critical Patch Update Advisory - January 2022

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html

Source: CCN
Type: Oracle CPUJul2020
Oracle Critical Patch Update Advisory - July 2020

Source: MISC
Type: Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html

Source: CCN
Type: Oracle CPUJul2021
Oracle Critical Patch Update Advisory - July 2021

Source: CCN
Type: Oracle CPUJul2022
Oracle Critical Patch Update Advisory - July 2022

Source: N/A
Type: UNKNOWN
N/A

Source: CCN
Type: Oracle CPUOct2021
Oracle Critical Patch Update Advisory - October 2021

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html

Vulnerable Configuration:Configuration 1:
  • cpe:/a:linuxfoundation:dojo:*:*:*:*:*:node.js:*:* (Version >= 1.13.0 and < 1.13.7)
  • OR cpe:/a:linuxfoundation:dojo:*:*:*:*:*:node.js:*:* (Version >= 1.14.0 and < 1.14.6)
  • OR cpe:/a:linuxfoundation:dojo:*:*:*:*:*:node.js:*:* (Version >= 1.15.0 and < 1.15.3)
  • OR cpe:/a:linuxfoundation:dojo:*:*:*:*:*:node.js:*:* (Version >= 1.16.0 and < 1.16.2)
  • OR cpe:/a:linuxfoundation:dojo:*:*:*:*:*:node.js:*:* (Version < 1.11.10)
  • OR cpe:/a:linuxfoundation:dojo:*:*:*:*:*:node.js:*:* (Version >= 1.12.0 and < 1.12.8)

  • Configuration 2:
  • cpe:/o:debian:debian_linux:8.0:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:primavera_unifier:*:*:*:*:*:*:*:* (Version >= 17.7 and <= 17.12)
  • OR cpe:/a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:*:*:*:*:*:*:*:* (Version >= 8.0.0 and <= 8.0.20)
  • OR cpe:/a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:mysql:*:*:*:*:*:*:*:* (Version >= 7.6.0 and <= 7.6.14)
  • OR cpe:/a:oracle:mysql:*:*:*:*:*:*:*:* (Version >= 7.5.0 and <= 7.5.18)
  • OR cpe:/a:oracle:mysql:*:*:*:*:*:*:*:* (Version >= 7.4.0 and <= 7.4.28)
  • OR cpe:/a:oracle:mysql:*:*:*:*:*:*:*:* (Version >= 7.3.0 and <= 7.3.29)
  • OR cpe:/a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:documaker:*:*:*:*:*:*:*:* (Version >= 12.6.0 and <= 12.6.4)
  • OR cpe:/a:oracle:communications_application_session_controller:3.9.0:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:linuxfoundation:dojo:1.11.10:*:*:*:*:node.js:*:*
  • OR cpe:/a:linuxfoundation:dojo:1.12.0:-:*:*:*:node.js:*:*
  • OR cpe:/a:linuxfoundation:dojo:1.12.7:*:*:*:*:node.js:*:*
  • OR cpe:/a:linuxfoundation:dojo:1.13.6:*:*:*:*:node.js:*:*
  • OR cpe:/a:linuxfoundation:dojo:1.14.0:*:*:*:*:node.js:*:*
  • OR cpe:/a:linuxfoundation:dojo:1.14.5:*:*:*:*:node.js:*:*
  • OR cpe:/a:linuxfoundation:dojo:1.15.0:*:*:*:*:node.js:*:*
  • OR cpe:/a:linuxfoundation:dojo:1.15.2:*:*:*:*:node.js:*:*
  • OR cpe:/a:linuxfoundation:dojo:1.16.0:*:*:*:*:node.js:*:*
  • OR cpe:/a:linuxfoundation:dojo:1.16.1:*:*:*:*:node.js:*:*
  • AND
  • cpe:/a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_process_manager:8.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_netcool/omnibus:8.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:infosphere_master_data_management:11.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:financial_transaction_manager:3.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_process_manager:8.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:10.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:primavera_unifier:17.12:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_asset_analyzer:6.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.3.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.3.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.3.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.3.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.3.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:financial_transaction_manager:3.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_scale:5.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:financial_transaction_manager:3.2.1:*:*:*:*:cps_services:*:*
  • OR cpe:/a:ibm:datapower_gateway:2018.4.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:10.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:elastic_storage_server:5.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_control:5.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_control:5.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_control:5.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_control:5.3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_orchestrator:2.5.0.10:*:*:*:-:*:*:*
  • OR cpe:/a:ibm:tivoli_netcool/impact:7.1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:iot_messagesight:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:iot_messagesight:5.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:19.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:17.0.0.3:*:*:*:liberty:*:*:*
  • OR cpe:/a:ibm:content_collector:4.0.1:*:*:*:email:*:*:*
  • OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_snapshot:4.1.0.0:*:*:*:*:vmware:*:*
  • OR cpe:/a:ibm:security_guardium:11.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:elastic_storage_server:6.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:workload_automation:9.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_private:3.2.1:cd:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_operations_center:7.1.0.000:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_operations_center:8.1.0.000:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_operations_center:8.1.9.000:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_protect_operations_center:7.1.10.000:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:20.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:18.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:19.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:rational_asset_analyzer:6.1.0.23:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:financial_transaction_manager:3.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_private:3.2.2:cd:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_control:5.3.4:*:standard:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_control:5.3.5:*:standard:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_control:5.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_control:5.3.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:20.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_guardium:11.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:business_automation_workflow:20.0.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:20.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_control:5.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_scale:5.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:workload_scheduler:9.5:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:17.0.0.3:*:*:*:liberty:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:21.0.0.3:*:*:*:liberty:*:*:*
  • OR cpe:/a:ibm:websphere_application_server:21.0.0.3:*:*:*:liberty:*:*:*
  • OR cpe:/a:ibm:security_guardium:11.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:21.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_access_docker:10.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:21.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_scale:5.0.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:spectrum_scale:5.1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:19.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:19.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:financial_transaction_manager:3.2.9:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:security_verify_governance:10.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:sterling_b2b_integrator:6.1.2.1:*:*:*:standard:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:com.ubuntu.bionic:def:202052580000000
    V
    CVE-2020-5258 on Ubuntu 18.04 LTS (bionic) - medium.
    2020-03-10
    oval:com.ubuntu.xenial:def:202052580000000
    V
    CVE-2020-5258 on Ubuntu 16.04 LTS (xenial) - medium.
    2020-03-10
    BACK
    linuxfoundation dojo *
    linuxfoundation dojo *
    linuxfoundation dojo *
    linuxfoundation dojo *
    linuxfoundation dojo *
    linuxfoundation dojo *
    debian debian linux 8.0
    oracle webcenter sites 12.2.1.3.0
    oracle primavera unifier 18.8
    oracle primavera unifier *
    oracle communications policy management 12.5.0
    oracle weblogic server 12.2.1.4.0
    oracle primavera unifier 19.12
    oracle webcenter sites 12.2.1.4.0
    oracle weblogic server 14.1.1.0.0
    oracle mysql *
    oracle primavera unifier 20.12
    oracle mysql *
    oracle mysql *
    oracle mysql *
    oracle mysql *
    oracle communications pricing design center 12.0.0.3.0
    oracle documaker *
    oracle communications application session controller 3.9.0
    linuxfoundation dojo 1.11.10
    linuxfoundation dojo 1.12.0 -
    linuxfoundation dojo 1.12.7
    linuxfoundation dojo 1.13.6
    linuxfoundation dojo 1.14.0
    linuxfoundation dojo 1.14.5
    linuxfoundation dojo 1.15.0
    linuxfoundation dojo 1.15.2
    linuxfoundation dojo 1.16.0
    linuxfoundation dojo 1.16.1
    ibm websphere application server 7.0
    ibm websphere application server 8.0
    ibm websphere application server 8.5
    ibm business process manager 8.5
    ibm tivoli netcool/omnibus 8.1.0
    ibm websphere application server 9.0
    ibm infosphere master data management 11.6
    ibm financial transaction manager 3.0.2
    ibm business process manager 8.6
    oracle webcenter sites 12.2.1.3.0
    ibm security guardium 10.5
    oracle primavera unifier 17.12
    ibm rational asset analyzer 6.1.0.0
    ibm tivoli monitoring 6.3.0.2
    ibm tivoli monitoring 6.3.0.3
    ibm tivoli monitoring 6.3.0.4
    ibm tivoli monitoring 6.3.0.5
    ibm tivoli monitoring 6.3.0.6
    ibm tivoli monitoring 6.3.0.7
    ibm financial transaction manager 3.2.0
    oracle primavera unifier 18.8
    ibm spectrum scale 5.0.0.0
    oracle application testing suite 13.3.0.1
    ibm financial transaction manager 3.2.1
    ibm datapower gateway 2018.4.1.0
    ibm sterling b2b integrator 6.0.0.0
    ibm security guardium 10.6
    ibm elastic storage server 5.3.0
    ibm spectrum control 5.3.1
    ibm spectrum control 5.3.2
    ibm spectrum control 5.3.3
    ibm spectrum control 5.3.0.1
    ibm cloud orchestrator 2.5.0.10
    ibm tivoli netcool/impact 7.1.0.0
    ibm iot messagesight 2.0
    ibm iot messagesight 5.0.0.0
    ibm cloud pak for automation 19.0.3
    ibm websphere application server 17.0.0.3
    ibm content collector 4.0.1
    ibm tivoli application dependency discovery manager 7.3.0.0
    ibm spectrum protect snapshot 4.1.0.0
    ibm security guardium 11.0
    ibm security guardium 11.1
    ibm spss collaboration and deployment services 8.2
    ibm spss collaboration and deployment services 8.2.1
    ibm elastic storage server 6.0.0
    ibm workload automation 9.5
    ibm cloud private 3.2.1 cd
    ibm spectrum protect operations center 7.1.0.000
    ibm spectrum protect operations center 8.1.0.000
    ibm spectrum protect operations center 8.1.9.000
    ibm spectrum protect operations center 7.1.10.000
    ibm cloud pak for automation 20.0.1
    ibm business automation workflow 18.0
    ibm business automation workflow 19.0
    ibm rational asset analyzer 6.1.0.23
    ibm financial transaction manager 3.2.4
    ibm cloud private 3.2.2 cd
    ibm spectrum control 5.3.4
    ibm spectrum control 5.3.5
    ibm spectrum control 5.3.6
    ibm spectrum control 5.3.7
    ibm cloud pak for automation 20.0.2
    ibm security guardium 11.2
    ibm business automation workflow 20.0.0.1
    ibm cloud pak for automation 20.0.3
    ibm spectrum control 5.4.1
    ibm spectrum scale 5.1.0
    ibm workload scheduler 9.5
    ibm websphere application server 17.0.0.3
    ibm websphere application server 21.0.0.3
    ibm websphere application server 21.0.0.3
    ibm security guardium 11.3
    ibm cloud pak for automation 21.0.1
    ibm security verify access docker 10.0.0
    ibm cloud pak for automation 21.0.2 -
    ibm spectrum scale 5.0.5.7
    ibm spectrum scale 5.1.1.1
    ibm cloud pak for automation 19.0.1
    ibm cloud pak for automation 19.0.2
    ibm financial transaction manager 3.2.9
    ibm security verify governance 10.0
    ibm sterling b2b integrator 6.1.2.1