Medium Severity

IBM Security Bulletin: IBM Cloud Private Platform-UI is vulnerable to a cross-site request forgery attack (CVE-2019-4142)

Jun 15, 2019 9:00 am EDT

Share this post:

IBM Cloud Private Platform-UI is vulnerable to a cross-site request forgery attack

CVE(s): CVE-2019-4142

Affected product(s) and affected version(s):
IBM Cloud Private 2.1.x, 3.1.0, 3.1.1, 3.1.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10885434
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158338

Medium Severity

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Collector for SAP Applications

Search Posts

Resources

Feed for PSIRT Blog Posts

IBM Product Security Vulnerabilities

See information about: IBM Security Bulletins, IBM Security Vulnerability Management (PSIRT), Reporting a Security Issue, IBM Secure Engineering

Learn More

IBM Product Support Portal

Access IBM Product Support to: Subscribe to Notifications, Download Fixes & PTFs (Fix Central), Access the Directory of IBM Worldwide Contacts

See What's New

Helpful Information

IBM Security Bulletin: IBM Db2 Mirror for i is affected by CVE-2019-4536

Aug 24, 2019 9:01 am EDT | Medium Severity

IBM Db2 Mirror for i configurations may be subject to this security vulnerability. A PTF for IBM i 7.4 and remediation steps are available. CVE(s): CVE-2019-4536 Affected product(s) and affected version(s):IBM i 7.4 with Db2 Mirror for i might be affected. Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm11071586X-Force ...read more

IBM Security Bulletin: IBM Cloud Automation Manager is affected by a forbidden resouce redirect for bad API path CVE-2019-4132

Aug 24, 2019 9:00 am EDT | Medium Severity

IBM Cloud Automation Manager will redirect when a bad API path is requested rather than issuing a 404. User may expect an error but be redirected to a home page instead. CVE(s): CVE-2019-4132 Affected product(s) and affected version(s):IBM Cloud Automation Manager 3.1.2 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: ...read more

IBM Security Bulletin:IBM SDK, Java Technology Edition Quarterly CPU – Oct 2018 – Includes Oracle Oct.2018 CPU affects DB2 Recovery Expert for Linux, Unix and Windows

Aug 22, 2019 9:00 am EDT | Medium Severity

There is vulnerability in IBM® Runtime Environment Java™ Version Java 1.8.0 SR5 FP16 and earlier used by DB2 Recovery Expert for Linux, Unix and Windows. These issues were disclosed as part of the IBM Java SDK updates in Oct. 2018. CVE(s): CVE-2018-3180 Affected product(s) and affected version(s): DB2 Recovery Expert for LUW 5.1 DB2 Recovery ...read more

Medium Severity

IBM Security Bulletin: IBM Cloud Private Platform-UI is vulnerable to a cross-site request forgery attack (CVE-2019-4142)

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Content Collector for SAP Applications

IBM Security Bulletin: Multiple Vulnerabilities in IBM Java Runtime Affect IBM Sterling Connect:Direct for UNIX

Search Posts

Archives

Resources

IBM Product Security Vulnerabilities

IBM Product Support Portal

Helpful Information

IBM Security Bulletin: IBM Db2 Mirror for i is affected by CVE-2019-4536

Aug 24, 2019 9:01 am EDT | Medium Severity

IBM Security Bulletin: IBM Cloud Automation Manager is affected by a forbidden resouce redirect for bad API path CVE-2019-4132

Aug 24, 2019 9:00 am EDT | Medium Severity

IBM Security Bulletin:IBM SDK, Java Technology Edition Quarterly CPU – Oct 2018 – Includes Oracle Oct.2018 CPU affects DB2 Recovery Expert for Linux, Unix and Windows

Aug 22, 2019 9:00 am EDT | Medium Severity