Vulnerability Name:

CVE-2021-23440 (CCN-209431)

Assigned:2021-09-12
Published:2021-09-12
Updated:2022-03-29
Summary:This affects the package set-value before <2.0.1, >=3.0.0 <4.0.1. A type confusion vulnerability can lead to a bypass of CVE-2019-10747 when the user-provided keys used in the path parameter are arrays.
CVSS v3 Severity:9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.8 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
6.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-843
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2021-23440

Source: XF
Type: UNKNOWN
nodejs-cve202123440-code-exec(209431)

Source: CCN
Type: set-value GIT Repository
4.0.1

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/jonschlinkert/set-value/commit/7cf8073bb06bf0c15e08475f9f952823b4576452

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/jonschlinkert/set-value/pull/33

Source: MISC
Type: Exploit, Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1584212

Source: CCN
Type: SNYK-JS-SETVALUE-1540541
Prototype Pollution

Source: MISC
Type: Exploit, Third Party Advisory
https://snyk.io/vuln/SNYK-JS-SETVALUE-1540541

Source: MISC
Type: Exploit, Third Party Advisory
https://www.huntr.dev/bounties/2eae1159-01de-4f82-a177-7478a408c4a2/

Source: CCN
Type: IBM Security Bulletin 6490861 (App Connect Enterprise Certified Container)
IBM App Connect Enterprise Certified Container Dashboards may be vulnerable to arbitrary code execution via CVE-2021-23440

Source: CCN
Type: IBM Security Bulletin 6516464 (Watson Discovery)
IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js

Source: CCN
Type: IBM Security Bulletin 6541298 (Cloud Pak for Automation)
Multiple security vulnerabilities fixed in Cloud Pak for Automation components

Source: CCN
Type: IBM Security Bulletin 6551876 (Cloud Pak for Security)
Cloud Pak for Security uses packages that are vulnerable to multiple CVEs

Source: CCN
Type: IBM Security Bulletin 6825871 (Tivoli Netcool/OMNIbus_GUI)
Multiple vulnerabilities in React, webpack and Node.js modules affect Tivoli Netcool/OMNIbus WebGUI

Source: CCN
Type: IBM Security Bulletin 6956539 (MobileFirst Platform Foundation)
Multiple vulnerabilities found with third-party libraries used by IBM MobileFirst Platform

Source: CCN
Type: IBM Security Bulletin 7001723 (QRadar Deployment Intelligence App)
QRadar Deployment Intelligence App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities (CVE-2022-25881, CVE-2021-23440, CVE-2022-24785, CVE-2022-46175)

Source: CCN
Type: Oracle CPUJan2022
Oracle Critical Patch Update Advisory - January 2022

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html

Vulnerable Configuration:Configuration 1:
  • cpe:/a:set-value_project:set-value:*:*:*:*:*:node.js:*:* (Version < 2.0.1)
  • OR cpe:/a:set-value_project:set-value:*:*:*:*:*:node.js:*:* (Version >= 3.0.0 and < 4.0.1)

    • Configuration 2:
  • cpe:/a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:nodejs:node.js:*:*:*:*:-:*:*:*
  • OR cpe:/a:ibm:watson_discovery:2.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:mobilefirst_platform_foundation:8.0.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:app_connect_enterprise_certified_container:1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_discovery:2.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:21.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_automation:21.0.2:-:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_pak_for_security:1.7.2.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    set-value_project set-value *
    set-value_project set-value *
    oracle communications cloud native core policy 1.14.0
    nodejs node.js *
    ibm watson discovery 2.0.0
    ibm mobilefirst platform foundation 8.0.0.0
    ibm app connect enterprise certified container 1.0.0
    ibm app connect enterprise certified container 1.0.1
    ibm app connect enterprise certified container 1.0.2
    ibm app connect enterprise certified container 1.0.3
    ibm app connect enterprise certified container 1.0.4
    ibm watson discovery 2.2.1
    ibm cloud pak for automation 21.0.1
    ibm cloud pak for automation 21.0.2 -
    ibm cloud pak for security 1.7.2.0