| Vulnerability Name: | CVE-2020-7788 (CCN-192931) | ||||||||||||||||||||||||||||
| Assigned: | 2020-12-08 | ||||||||||||||||||||||||||||
| Published: | 2020-12-08 | ||||||||||||||||||||||||||||
| Updated: | 2022-12-02 | ||||||||||||||||||||||||||||
| Summary: | This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context. | ||||||||||||||||||||||||||||
| CVSS v3 Severity: | 7.3 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) 6.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C)
6.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C)
6.6 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C)
| ||||||||||||||||||||||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-400 | ||||||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2020-7788 Source: XF Type: UNKNOWN nodejs-ini-code-exec(192931) Source: report@snyk.io Type: Patch, Third Party Advisory report@snyk.io Source: report@snyk.io Type: Mailing List, Third Party Advisory report@snyk.io Source: report@snyk.io Type: Exploit, Third Party Advisory report@snyk.io Source: CCN Type: IBM Security Bulletin 6415865 (Cloud Automation Manager) A security vulnerability in Node.js ini module affects IBM Cloud Automation Manager. Source: CCN Type: IBM Security Bulletin 6416157 (Cloud Pak for Multicloud Management) A security vulnerability in Node.js ini module affects IBM Cloud Pak for Multicloud Management. Source: CCN Type: IBM Security Bulletin 6417593 (Security Guardium Insights) IBM Security Guardium Insights is affected by multiple vulnerabilities Source: CCN Type: IBM Security Bulletin 6420397 (App Connect Enterprise) Vulnerabilities in Node.js affect IBM App Connect Enterprise v11 ( CVE-2020-7788) Source: CCN Type: IBM Security Bulletin 6453115 (Cloud Pak for Security) Cloud Pak for Security contains security vulnerabilities Source: CCN Type: IBM Security Bulletin 6507095 (Planning Analytics) IBM Planning Analytics Workspace is affected by security vulnerabilities Source: CCN Type: IBM Security Bulletin 6575667 (Spectrum Discover) High severity vulnerabilities in libraries used by IBM Spectrum Discover (libraries of libraries) Source: CCN Type: IBM Security Bulletin 6590981 (QRadar Data Synchronization App) IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities Source: CCN Type: IBM Security Bulletin 6612727 (Cloud Pak System Software) Multiple Vulnerabilities in Node.js affect IBM Cloud Pak System Source: CCN Type: IBM Security Bulletin 6825871 (Tivoli Netcool/OMNIbus_GUI) Multiple vulnerabilities in React, webpack and Node.js modules affect Tivoli Netcool/OMNIbus WebGUI Source: CCN Type: IBM Security Bulletin 6830017 (QRadar Pulse App) QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities Source: CCN Type: IBM Security Bulletin 6956539 (MobileFirst Platform Foundation) Multiple vulnerabilities found with third-party libraries used by IBM MobileFirst Platform Source: CCN Type: NPM Web site ini | ||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration RedHat 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||