Medium Severity

IBM Security Bulletin: IBM DataPower Gateways is affected by a downgrade vulnerability (CVE-2018-1663)

IBM DataPower Gateway has addressed the following vulnerability: CVE-2018-1663

CVE(s): CVE-2018-1663

Affected product(s) and affected version(s):

IBM DataPower Gateway 7.7.0.0-7.7.1.3 (CD)
IBM DataPower Gateway 7.6.0.0-7.6.0.9
IBM DataPower Gateway 7.5.2.0-7.5.2.16
IBM DataPower Gateway 7.5.1.0-7.5.1.16
IBM DataPower Gateway 7.5.0.0-7.5.0.17

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10740033
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/144889
