Medium Severity

IBM Security Bulletin: IBM InfoSphere Change Data Capture is affected by an Apache Derby open source library vulnerability (CVE-2015-1832)

Share this post:

IBM InfoSphere Change Data Capture has addressed the following vulnerability: CVE-2015-1832 – Apache Derby could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML datatype and XmlVTI. An attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service.

CVE(s): CVE-2015-1832

Affected product(s) and affected version(s):
InfoSphere Data Replication 11.4

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10869934
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/115625

More stories

IBM Security Bulletin: IBM Event Streams is affected by Go vulnerabilities

Jul 17, 2019 9:02 am EDT | Medium Severity

IBM Event Streams has addressed the following vulnerabilities in the Go Runtimes shipped. CVE(s): CVE-2019-9741 Affected product(s) and affected version(s):IBM Event Streams 2018.3.0 IBM Event Streams 2018.3.1 IBM Event Streams 2019.1.1 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10884414X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158137 ...read more


IBM Security Bulletin: IBM Event Streams is affected by WebSphere Liberty Profile vulnerability CVE-2019-4046

Jul 17, 2019 9:01 am EDT | Medium Severity

IBM Event Streams has addressed the following vulnerability. CVE(s): CVE-2019-4046 Affected product(s) and affected version(s):IBM Event Streams 2018.3.0 IBM Event Streams 2018.3.1 IBM Event Streams 2019.1.1 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10888065X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/156242 ...read more


IBM Security Bulletin: IBM Maximo Asset Management is vulnerable to File Path Traversal (CVE-2019-4430)

Jul 16, 2019 9:02 am EDT | Medium Severity

IBM Maximo Asset Management is vulnerable to File Path Traversal CVE(s): CVE-2019-4430 Affected product(s) and affected version(s): This vulnerability affects the following versions of the IBM Maximo Asset Management core product, and all other IBM Maximo Industry Solution and IBM Control Desk products, regardless of their own version, if they are currently installed on top ...read more