IBM Product Security Incident Response


Archive

IBM Security Bulletin: Vulnerability in libssh2 affects Power Hardware Management Console (CVE-2019-3862)

Sep 17, 2019 9:02 am EDT | High Severity

libssh2 is used by Power Hardware Management Console (HMC). HMC has addressed the applicable CVE. CVE(s): CVE-2019-3862 Affected product(s) and affected version(s): Power HMC V8.7.0.0, Power HMC V9.1.910.0. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: https://www.ibm.com/support/pages/security-bulletin-vulnerability-libssh2-affects-power-hardware-management-console-cve-2019-3862 X-Force Database: ...


IBM Security Bulletin: Watson Explorer is affected by an Apache Zookeeper vulnerability (CVE-2019-0201)

Sep 17, 2019 9:02 am EDT | High Severity

IBM Watson Explorer has addressed the following vulnerability in Apache ZooKeeper. CVE(s): CVE-2019-0201 Affected product(s) and affected version(s): The vulnerability applies to the following products and versions: Affected Product Affected Versions IBM Watson Explorer Deep Analytics Edition Foundational Components 12.0.0, 12.0.1, 12.0.2.0 – 12.0.2.2 IBM Watson Explorer Foundational Components 11.0.0.0 – 11.0.0.3, 11.0.1, 11.0.2.0 – ...


IBM Security Bulletin: Vulnerability affects Watson Explorer Foundational Components (CVE-2018-15756)

Sep 17, 2019 9:01 am EDT | High Severity

Security vulnerability affects IBM Watson Explorer Foundational Components. CVE(s): CVE-2018-15756 Affected product(s) and affected version(s): The vulnerability applies to the following product and version: Watson Explorer Foundational Components versions 12.0.0, 12.0.1, 12.0.2.0 – 12.0.2.2; Watson Explorer Foundational Components versions 11.0.2.0 – 11.0.2.4. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: ...


IBM Security Bulletin: Vulnerabilities exist in Watson Explorer Analytical Components and Watson Content Analytics (CVE-2018-8039)

Sep 17, 2019 9:01 am EDT | High Severity

Security vulnerabilities have been identified in IBM Watson Explorer Analytical Components, Watson Explorer Foundational Components Annotation Administration Console, and IBM Watson Content Analytics. CVE(s): CVE-2018-8039 Affected product(s) and affected version(s): To see which vulnerabilities apply to your product and version, see the applicable row in the following table. Affected Product Affected Versions Applicable Vulnerabilities Watson ...


IBM Security Bulletin: Path Traversal exposure in the Save/Export function of the FTM OAC

Sep 17, 2019 9:00 am EDT | Medium Severity

The “Save/Export” function available on all search result displays (tabulated results) is potentially vulnerable to a Path Traversal type attack. CVE(s): CVE-2018-1847 Affected product(s) and affected version(s): Principal Product and Version(s): Financial Transaction Manager for MP v2.0.0.0 through 2.0.0.5; Financial Transaction Manager for MP v2.1.0.0 through 2.1.0.4; Financial Transaction Manager for MP v2.1.1.0 through 2.1.1.4 ...


IBM Security Bulletin: Information disclosure vulnerability in WebSphere Application Server (CVE-2019-4477)

Sep 16, 2019 5:11 pm EDT | Medium Severity

There is an information disclosure in WebSphere Application Server when using Security Auditing. CVE(s): CVE-2019-4477 Affected product(s) and affected version(s): This vulnerability affects the following versions and releases of IBM WebSphere Application Server: Version 9.0, Version 8.5, Version 8.0, Version 7.0. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: https://www.ibm.com/support/pages/node/960290 X-Force ...


IBM Security Bulletin: Cross-site scripting vulnerability in WebSphere Application Server Admin Console (CVE-2019-4270)

Sep 16, 2019 5:11 pm EDT | Medium Severity

There is a potential denial of service in the Admin Console of WebSphere Application Server. CVE(s): CVE-2019-4270 Affected product(s) and affected version(s): This vulnerability affects the following versions and releases of IBM WebSphere Application Server: Version 9.0, Version 8.5, Version 8.0, Version 7.0. Refer to the following reference URLs for remediation and additional vulnerability details: Source ...


IBM Security Bulletin: Remote Execution Vulnerability Affects Red Hat Linux Used By IBM WebSphere Application Server for IBM Cloud Private VM Quickstarter (CVE-2019-12735)

Sep 16, 2019 3:52 pm EDT | High Severity

There is a security vulnerability that affects Red Hat Linux used by IBM WebSphere Application Server in the IBM Cloud. CVE(s): CVE-2019-12735 Affected product(s) and affected version(s): These vulnerabilities affect the following versions and releases of IBM WebSphere Application Server for IBM Cloud Private VM Quickstarter: 2.0, 3.0. Refer to the following reference URLs for ...


IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Financial Transaction Manager for Corporate Payment Services for Multi-Platform

Sep 16, 2019 3:52 pm EDT | High Severity

There are multiple vulnerabilities in the IBM® Runtime Environment Java™ Version 7 or version 8 used by Financial Transaction Manager for Corporate Payment Services for Multi-Platform (FTM CPS). Financial Transaction Manager for Corporate Payment Services for Multi-Platform has addressed the applicable CVEs. CVE(s): CVE-2019-4473, CVE-2019-11771 Affected product(s) and affected version(s): FTM CPS: v3.2.1.0 Refer to ...