Medium Severity

IBM Security Bulletin: Cross-site scripting vulnerability in WebSphere Application Server affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2018-1643)

Share this post:

There is a potential cross-site scripting vulnerability with the Installation Verification Tool of IBM WebSphere Application Server which affects IBM Spectrum Control (formerly Tivoli Storage Productivity Center).

CVE(s): CVE-2018-1643

Affected product(s) and affected version(s):

Affected Product Affected Versions
IBM Tivoli Storage Productivity Center 5.2.0 – 5.2.7.1
IBM Spectrum Control 5.2.8 – 5.2.13

The versions listed above apply to all licensed offerings of IBM Spectrum Control.

Note that 5.3 versions of IBM Spectrum Control are not affected.

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10787515
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/144588

More stories

IBM Security Bulletin: Financial Transaction Manager for Corporate Payment Services is affected by a potential directory listing of internal product files vulnerability (CVE-2018-2026)

Jan 22, 2019 9:01 am EST | Medium Severity

IBM Financial Transaction Manager for Corporate Payment Services (FTM CPS) for Multi-Platform has addressed the following vulnerability. A potential directory listing vulnerability could allow an authenticated user to obtain a directory listing of internal product files. CVE(s): CVE-2018-2026 Affected product(s) and affected version(s): FTM CPS v3.2.1.0 Refer to the following reference URLs for remediation and ...read more


IBM Security Bulletin: Financial Transaction Manager for Digital Payments is affected by a potential directory listing of internal product files vulnerability (CVE-2018-2026)

Jan 22, 2019 9:01 am EST | Medium Severity

Financial Transaction Manager for Digital Payments (FTM DP) for Multi-Platform has addressed the following vulnerability. A potential directory listing vulnerability could allow an authenticated user to obtain a directory listing of internal product files. CVE(s): CVE-2018-2026 Affected product(s) and affected version(s): FTM DP v3.2.1.0 Refer to the following reference URLs for remediation and additional vulnerability ...read more


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Rational Application Developer for WebSphere Software

Jan 22, 2019 9:01 am EST | Medium Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7 and 8 that are used by IBM Rational Application Developer for WebSphere Software. These issues were disclosed as part of the IBM Java SDK updates in October 2018. CVE(s): CVE-2018-3180, CVE-2018-3139 Affected product(s) and affected version(s): Rational Application Developer 9.0- 9.0.1.2 Rational Application ...read more