Medium Severity

IBM Security Bulletin: IBM InfoSphere Change Data Capture is affected by an Apache Derby open source library vulnerability (CVE-2015-1832)

Share this post:

IBM InfoSphere Change Data Capture has addressed the following vulnerability: CVE-2015-1832 – Apache Derby could allow a remote attacker to obtain sensitive information, caused by a XML external entity (XXE) error when processing XML data by the XML datatype and XmlVTI. An attacker could exploit this vulnerability to read arbitrary files on the system or cause a denial of service.

CVE(s): CVE-2015-1832

Affected product(s) and affected version(s):
InfoSphere Data Replication 11.4

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10869934
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/115625

More stories

IBM Security Bulletin: A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2018-1901)

Apr 20, 2019 9:00 am EDT | Medium Severity

There is a vulnerability in IBM WebSphere Application Server, used by IBM Spectrum Scale. This issue allow a remote attacker to temporarily gain elevated privileges on the system. CVE(s): CVE-2018-1901 Affected product(s) and affected version(s):The Elastic Storage Server 5.3 thru 5.3.2.1 The Elastic Storage Server 5.0.0 thru 5.2.5 The Elastic Storage Server 4.5.0 thru 4.6.0 ...read more


IBM Security Bulletin: Multiple vulnerabilities in OpenSSL affect IBM Sterling Connect:Express for UNIX (CVE-2018-0734 and CVE-2018-5407)

Apr 18, 2019 9:01 am EDT | Medium Severity

OpenSSL vulnerabilities were disclosed on October 30, 2018 (CVE-2018-0734) and November 02, 2018 (CVE-2018-5407) by the OpenSSL Project. OpenSSL is used by Sterling Connect:Express for UNIX. Sterling Connect:Express for UNIX has addressed the applicable CVEs. CVE(s): CVE-2018-0734, CVE-2018-5407 Affected product(s) and affected version(s): IBM Sterling Connect:Express for UNIX 1.5.0.15 All versions prior to and including ...read more


IBM Security Bulletin: IBM QRadar SIEM is vulnerable to Information Exposure (CVE-2018-1729)

Apr 18, 2019 9:00 am EDT | Medium Severity

The product discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. CVE(s): CVE-2018-1729 Affected product(s) and affected version(s):IBM QRadar SIEM 7.3.0 – 7.3.2 GA Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10881546X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/147708 ...read more