High Severity

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect z/TPF

Dec 13, 2019 7:00 pm EST | High Severity

CVEID: CVE-2019-2989
DESCRIPTION: An unspecified vulnerability in Java SE could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169295 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N)

CVEID: CVE-2019-2958
DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169264 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID: CVE-2019-2975
DESCRIPTION: An unspecified vulnerability in Java SE related to the Scripting component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169281 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)

CVEID: CVE-2019-2999
DESCRIPTION: An unspecified vulnerability in Java SE related to the Javadoc component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 4.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169305 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2019-2996
DESCRIPTION: An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169302 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)

CVEID: CVE-2019-2992
DESCRIPTION: An unspecified vulnerability in Java SE related to the 2D component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169298 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-2988
DESCRIPTION: An unspecified vulnerability in Java SE related to the 2D component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169294 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-2983
DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169289 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-2981
DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169287 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-2978
DESCRIPTION: An unspecified vulnerability in Java SE related to the Networking component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169284 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-2973
DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169279 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-2962
DESCRIPTION: An unspecified vulnerability in Java SE related to the 2D component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169268 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-2964
DESCRIPTION: An unspecified vulnerability in Java SE related to the Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169270 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-2945
DESCRIPTION: An unspecified vulnerability in Java SE related to the Networking component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169250 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-2933
DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169238 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)

CVEID: CVE-2019-17631
DESCRIPTION: Eclipse OpenJ9 could allow a local attacker to gain elevated privileges on the system, caused by the failure to perform an authorization check when an actor attempts to access a resource or perform an action. An attacker could exploit this vulnerability to gain access to diagnostic operations such as causing a GC or creating a diagnostic file.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169513 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)


Security Bulletin: Multiple vulnerabilities in HTTP/2 implementation used by Liberty for Java for IBM Cloud

Dec 11, 2019 7:01 pm EST | High Severity

CVEID: CVE-2019-9515
DESCRIPTION: Some HTTP/2 implementations are vulnerable to a settings flood, potentially leading to a denial of service. The attacker sends a stream of SETTINGS frames to the peer. Since the RFC requires that the peer reply with one acknowledgement per SETTINGS frame, an empty SETTINGS frame is almost equivalent in behavior to a ping. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165181 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-9518
DESCRIPTION: Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The peer spends time processing each frame disproportionate to attack bandwidth. This can consume excess CPU.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/164904 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-9517
DESCRIPTION: Some HTTP/2 implementations are vulnerable to unconstrained internal data buffering, potentially leading to a denial of service. The attacker opens the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/165183 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-9512
DESCRIPTION: Some HTTP/2 implementations are vulnerable to ping floods, potentially leading to a denial of service. The attacker sends continual pings to an HTTP/2 peer, causing the peer to build an internal queue of responses. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/164903 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-9514
DESCRIPTION: Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/164640 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2019-9513
DESCRIPTION: Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/164639 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects WebSphere Application Server October 2019 CPU that is bundled with IBM WebSphere Application Server Patterns

Dec 11, 2019 7:00 pm EST | High Severity

CVEID: CVE-2019-2989
DESCRIPTION: An unspecified vulnerability in Java SE could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169295 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N)

CVEID: CVE-2019-2958
DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, high integrity impact, and no availability impact.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169264 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N)

CVEID: CVE-2019-2977
DESCRIPTION: An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause low confidentiality impact, no integrity impact, and low availability impact.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169283 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L)

CVEID: CVE-2019-2975
DESCRIPTION: An unspecified vulnerability in Java SE related to the Scripting component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and low availability impact.
CVSS Base score: 4.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169281 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)

CVEID: CVE-2019-2999
DESCRIPTION: An unspecified vulnerability in Java SE related to the Javadoc component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 4.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169305 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2019-2996
DESCRIPTION: An unspecified vulnerability in Java SE related to the Deployment component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact.
CVSS Base score: 4.2
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169302 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N)

CVEID: CVE-2019-2894
DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169207 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)

CVEID: CVE-2019-2992
DESCRIPTION: An unspecified vulnerability in Java SE related to the 2D component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169298 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-2988
DESCRIPTION: An unspecified vulnerability in Java SE related to the 2D component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169294 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-2987
DESCRIPTION: An unspecified vulnerability in Java SE related to the 2D component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169293 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-2983
DESCRIPTION: An unspecified vulnerability in Java SE related to the Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169289 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-2981
DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169287 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-2978
DESCRIPTION: An unspecified vulnerability in Java SE related to the Networking component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169284 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-2973
DESCRIPTION: An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169279 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-2962
DESCRIPTION: An unspecified vulnerability in Java SE related to the 2D component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169268 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-2964
DESCRIPTION: An unspecified vulnerability in Java SE related to the Concurrency component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.7
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169270 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-2945
DESCRIPTION: An unspecified vulnerability in Java SE related to the Networking component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169250 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L)

CVEID: CVE-2019-2933
DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors.
CVSS Base score: 3.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169238 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N)

CVEID: CVE-2019-17631
DESCRIPTION: Eclipse OpenJ9 could allow a local attacker to gain elevated privileges on the system, caused by the failure to perform an authorization check when an actor attempts to access a resource or perform an action. An attacker could exploit this vulnerability to gain access to diagnostic operations such as causing a GC or creating a diagnostic file.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/169513 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)


Security Bulletin: Vulnerability in IBM Java Runtime affect DB2 Recovery Expert for Linux, Unix and Windows(IBM SDK, Java Technology Edition Quarterly CPU – Jul 2019 – Includes Oracle Jul 2019 CPU) )

Dec 11, 2019 7:00 pm EST | High Severity

CVEID: CVE-2019-4473
DESCRIPTION: Multiple binaries in IBM SDK, Java Technology Edition 7, 7R, and 8 on the AIX platform use insecure absolute RPATHs, which may facilitate code injection and privilege elevation by local users. IBM X-Force ID: 163984.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/163984 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID: CVE-2019-11771
DESCRIPTION: AIX builds of Eclipse OpenJ9 before 0.15.0 contain unused RPATHs which may facilitate code injection and privilege elevation by local users.
CVSS Base score: 8.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/163989 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)


Security Bulletin: IBM Data Server Driver for JDBC and SQLJ is affected by a 3RD PARTY Unsafe deserialization

Dec 11, 2019 7:00 pm EST | High Severity

CVEID: CVE-2017-1677
DESCRIPTION: IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) deserializes the contents of /tmp/connlicj.bin which leads to object injection and potentially arbitrary code execution depending on the classpath. IBM X-Force ID: 133999.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/133999 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)


Security Bulletin: IBM Db2 High Performance Unload is affected by 3RD PARTY – – Unquoted Service Path vulnerability

Dec 11, 2019 7:00 pm EST | High Severity

CVEID: CVE-2019-4606
DESCRIPTION: IBM DB2 High Performance Unload could allow a local attacker to execute arbitrary code on the system, caused by an untrusted search path vulnerability. By using an executable file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVSS Base score: 7.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/168298 for the current score.
CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)


Security Bulletin: Apache Commons Collections library in WebSphere Application Server Knowledge Center is vulnerable in IBM Cloud (CVE-2015-7450)

Dec 11, 2019 7:00 pm EST | High Severity

CVEID: CVE-2015-7450
DESCRIPTION: Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the InvokerTransformer class in the Apache Commons Collections library.
CVSS Base score: 9.8
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)


Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearCase

Dec 11, 2019 4:44 pm EST | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7 and 8 used by IBM Rational ClearCase on the AIX platform. IBM Rational ClearCase has addressed the applicable CVEs.

Affected Products and Versions

IBM Rational ClearCase version 9 on AIX in the following components:
CCRC WAN server/CM Server component, when configured to use SSL
ClearCase remote client: CCRC/CTE ...


Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Rational ClearQuest (CVE-2019-4473, CVE-2019-11771)

Dec 11, 2019 4:29 pm EST | High Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 7 and 8, which are used by IBM Rational ClearQuest on the AIX platform. IBM Rational ClearQuest has addressed the applicable CVEs.

Affected Products and Versions

IBM Rational ClearQuest version 9 on AIX in the following components:
ClearQuest Web/CQ OSLC server/CM Server component, when configured ...