High Severity

IBM Security Bulletin: A vulnerability in Apache Zookeeper could affect IBM Performance Management products (CVE-2018-8012)

Share this post:

Apache Zookeeper could allow a remote attacker to bypass security restrictions, caused by the failure to enforce authentication or authorization when a server attempts to join a quorum. An attacker could exploit this vulnerability to join the cluster and begin propagating counterfeit changes to the leader.

CVE(s): CVE-2018-8012

Affected product(s) and affected version(s):

IBM Monitoring 8.1.3
IBM Application Diagnostics 8.1.3
IBM Application Performance Management 8.1.3
IBM Application Performance Management Advanced 8.1.3
IBM Cloud Application Performance Management Base Private 8.1.4
IBM Cloud Application Performance Management Advanced Private 8.1.4

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10738217
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/143565

More stories

Security Bulletin: Financial Transaction Manager for Check Services is affected by a potential information disclosure id 177835

Aug 7, 2020 8:00 pm EDT | High Severity

Financial Transaction Manager for Check Services (FTM CHK) for Multi-Platform has addressed the following vulnerability. A potential vulnerability in the Apache Commons Codec module could allow information disclosure. ...read more


Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential information disclosure id 177835

Aug 7, 2020 8:00 pm EDT | High Severity

Financial Transaction Manager for Corporate Payment Services (FTM CPS) for Multi-Platform has addressed the following vulnerability. A potential vulnerability in the Apache Commons Codec module could allow information disclosure. ...read more


Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections

Aug 6, 2020 8:01 pm EDT | High Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 1.8 used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections. ...read more