Medium Severity

IBM Security Bulletin: Apache Tomcat as used in IBM QRadar SIEM is vulnerable to publicly disclosed vulnerability. (CVE-2018-8034, CVE-2018-8037)

Publicly disclosed vulnerabilities in Apache Tomcat.

CVE(s): CVE-2018-8034, CVE-2018-8037

Affected product(s) and affected version(s):

IBM QRadar SIEM 7.3.0 – 7.3.1 Patch 6

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10742719
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/147211
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/147212

More stories

IBM Security Bulletin: IBM Cloud Kubernetes Service is impacted by a security vulnerability in Project Calico

Dec 8, 2018 9:01 am EST | Medium Severity

IBM Cloud Kubernetes Service is affected by a security vulnerability in Project Calico, the network CNI plugin used in IBM Cloud Kubernetes Service. In some scenarios, Calico will write configuration data in log files including service account tokens included in the configuration. This will expose Calico service account tokens in log files which could lead ...read more


IBM Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affects WebSphere Application Server October 2018 CPU that is bundled with IBM WebSphere Application Server Patterns

Dec 8, 2018 9:01 am EST | Medium Severity

There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the IBM Java SDK updates in October 2018. CVE(s): CVE-2018-3180, CVE-2018-3139 Affected product(s) and affected version(s): IBM Java SDK shipped with IBM WebSphere Application Server Patterns 1.0.0.0 through 1.0.0.7 and 2.2.0.0 ...read more


IBM Security Bulletin: Vulnerability in Apache Batik affects IBM Cúram Social Program Management (CVE-2018-8013)

Dec 8, 2018 9:01 am EST | Medium Severity

IBM Cúram Social Program Management uses the Apache Batik library. In the Apache Batik library prior to version 1.10, the class type was not checked during the deserialization process of the subclass of `AbstractDocument`. A fix has been put in place to check the class type before instantiating during the deserialization process. CVE(s): CVE-2018-8013 Affected product(s) ...read more