High Severity

IBM Security Bulletin: Potential denial of service in Liberty for Java for IBM Cloud (CVE-2018-10237)

Mar 22, 2019 10:00 am EDT | High Severity

There is a potential denial of service with the Google Guava library that is used in Liberty for Java. CVE(s): CVE-2018-10237. Affected product(s) and affected version(s): This vulnerability affects all versions of Liberty for Java in IBM Cloud up to and including v3.27. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: ...


IBM Security Bulletin: API Connect V2018 is impacted by information leak (CVE-2019-4052)

Mar 21, 2019 10:01 am EDT | High Severity

IBM API Connect has addressed the following vulnerability. CVE(s): CVE-2019-4052. Affected product(s) and affected version(s): Affected IBM API Management / Affected Versions: IBM API Connect 2018.1-2018.4.1.2. Refer to the following reference URLs for remediation and additional vulnerability details: Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10874248 X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/156544 ...


IBM Security Bulletin: Cloudant Local Apache CouchDB CVE-2018-17188: Remote Privilege Escalations

Mar 20, 2019 10:02 am EDT | High Severity

Prior to CouchDB version 2.3.0, CouchDB allowed for runtime configuration of key components of the database. In some cases, this led to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Together with other vulnerabilities, it allowed full system entry for unauthenticated users. CVE(s): CVE-2018-17188. Affected product(s) and affected version(s): All ...


IBM Security Bulletin: Vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU – Oct 2018 – Includes Oracle Oct 2018 CPU

Mar 20, 2019 10:02 am EDT | High Severity

There are vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU – Oct 2018 – Includes Oracle Oct 2018 CPU used by IBM Streams. IBM Streams has addressed the applicable CVEs. CVE(s): CVE-2018-3139, CVE-2018-3136, CVE-2018-13785, CVE-2018-3214, CVE-2018-3180, CVE-2018-3149, CVE-2018-3169, CVE-2018-3183. Affected product(s) and affected version(s): Affected InfoSphere Streams / Affected Versions: InfoSphere Streams 4.0.1.6 and earlier ...


IBM Security Bulletin: Vulnerabilities in deserialization of openid connect cookie

Mar 20, 2019 10:01 am EDT | High Severity

There are vulnerabilities in deserialization of openid connect cookie used by IBM Streams. IBM Streams has addressed the applicable CVEs. CVE(s): CVE-2018-1851. Affected product(s) and affected version(s): Affected InfoSphere Streams / Affected Versions: InfoSphere Streams 4.0.1.6 and earlier; InfoSphere Streams 3.2.1.6 and earlier; IBM Streams 4.1.1.7 and earlier; IBM Streams 4.2.1.5 and earlier; IBM Streams 4.3.0.0 ...


IBM Security Bulletin: Vulnerability in Apache CXF

Mar 20, 2019 10:01 am EDT | High Severity

There’s a vulnerability in Apache CXF used by IBM Streams. IBM Streams has addressed the applicable CVEs. CVE(s): CVE-2018-8039. Affected product(s) and affected version(s): Affected InfoSphere Streams / Affected Versions: InfoSphere Streams 4.0.1.6 and earlier; InfoSphere Streams 3.2.1.6 and earlier; IBM Streams 4.1.1.6 and earlier; IBM Streams 4.2.1.4 and earlier; IBM Streams 4.3.0.0. Refer to the ...


IBM Security Bulletin: Vulnerability in IBM SDK, Java Technology Edition Quarterly CPU

Mar 20, 2019 10:01 am EDT | High Severity

There are multiple vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU used by IBM Streams. IBM Streams has addressed the applicable CVEs. CVE(s): CVE-2016-0705, CVE-2018-1517, CVE-2018-1656, CVE-2018-2973, CVE-2018-2952, CVE-2018-2940, CVE-2018-12539. Affected product(s) and affected version(s): Affected InfoSphere Streams / Affected Versions: InfoSphere Streams 4.0.1.6 and earlier; InfoSphere Streams 3.2.1.6 and earlier; IBM Streams 4.1.1.6 and ...


IBM Security Bulletin: InfoSphere Data Replication is affected by an Apache ZooKeeper open source library vulnerability

Mar 20, 2019 10:01 am EDT | High Severity

InfoSphere Data Replication has addressed the following vulnerability: CVE-2018-8012 – Apache ZooKeeper could allow a remote attacker to bypass security restrictions, caused by the failure to enforce authentication or authorization when a server attempts to join a quorum. An attacker could exploit this vulnerability to join the cluster and begin propagating counterfeit changes to the ...


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Streams

Mar 20, 2019 10:00 am EDT | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8, Service Refresh 4 Fix Pack 7 used by IBM Streams. IBM Streams has addressed the applicable CVEs. CVE(s): CVE-2017-10067, CVE-2017-10115, CVE-2017-10116, CVE-2017-10102. Affected product(s) and affected version(s): The following versions may be impacted: IBM Streams Version 4.2.1.2 and earlier; IBM InfoSphere Streams Version ...