IBM Security Bulletin: IBM InfoSphere Information Server is potentially vulnerable to XML External Entity Injection (XXE)
Feb 11, 2019 9:00 am EST
Categorized: High Severity
An XML External Entity Injection (XXE) vulnerability in InfoSphere Information Server Manager can potentially be used by an attacker to retrieve sensitive documents.
Information Server Manager has a bulk import feature to help users import lists of Source Control Module (SCM) websites or user names. Use case examples for the bulk load feature are:
- Multiple users want to use the SCM and there are three or more sites that need to be added.
- DataStage version upgrades (i.e. version 11.3 to version 11.5).
IBM Information Server Manager uses XML format for export and import of the SCM website name and the links. Information Server Manager also allows the same information to be keyed in manually into the Add Available Software Sites dialog. There is a potential vulnerability when importing the website list using XML import.
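As an added illustration (not IBM's code, and not the product's actual import format), the following pre-import check refuses any site-list XML that carries a DOCTYPE, which is the only place external entities can be declared. The `<sites>`/`<site name="" url="">` layout, the function name and the exception name are assumptions made for the example; the sample documents are constructed.

```python
from xml.parsers import expat


class UnsafeImportFile(ValueError):
    """Raised when a site-list file must not be handed to the importer."""


def load_site_list(data: bytes) -> list[tuple[str, str]]:
    """Parse a (hypothetical) site-list export, rejecting any DTD.

    Returns (name, url) pairs. The parse is aborted as soon as a DOCTYPE
    is seen, so no entity declaration is ever read or resolved.
    """
    sites: list[tuple[str, str]] = []
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # Entities are declared inside the DTD; a plain list of sites
        # never needs one, so its presence is treated as hostile.
        raise UnsafeImportFile("DOCTYPE declaration present")

    def on_start(tag, attrs):
        if tag == "site":  # assumed element name
            sites.append((attrs.get("name", ""), attrs.get("url", "")))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        # Includes references to entities that were never declared.
        raise UnsafeImportFile(f"not well-formed: {exc}") from exc
    return sites


# Constructed sample inputs (not taken from the bulletin or the product).
CLEAN = b"""<?xml version="1.0"?>
<sites>
  <site name="Site A" url="https://example.invalid/a"/>
  <site name="Site B" url="https://example.invalid/b"/>
</sites>"""

WITH_DTD = b"""<?xml version="1.0"?>
<!DOCTYPE sites [<!ENTITY e SYSTEM "http://example.invalid/placeholder">]>
<sites><site name="Site A" url="https://example.invalid/a"/></sites>"""

UNDECLARED_ENTITY = b"""<?xml version="1.0"?>
<sites><note>&e;</note></sites>"""
```

A file that fails this check can be entered by hand through the Add Available Software Sites dialog mentioned above instead of being imported.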
CVE(s): CVE-2018-1727
Affected product(s) and affected version(s):
The following products, running on all supported platforms, are affected:
IBM InfoSphere Information Server: versions 9.1, 11.3, 11.5, and 11.7
IBM InfoSphere Information Server on Cloud: versions 11.5 and 11.7
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10718887
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/147630
IBM Security Bulletin: Multiple vulnerabilities were identified in Node.js that affect IBM Cloud App Management V2018
Feb 15, 2019 9:00 am EST | High Severity
Multiple vulnerabilities were identified in Node.js that affected IBM Cloud App Management V2018. The product was updated to use a later version of Node.js to address these security vulnerabilities.
CVE(s): CVE-2018-0732, CVE-2018-12115, CVE-2018-7166, CVE-2018-0737
Affected product(s) and affected version(s): IBM Cloud App Management V2018.2
Refer to the following reference URLs for remediation and additional vulnerability ...
IBM Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM
Feb 14, 2019 9:00 am EST | High Severity
PowerKVM is affected by vulnerabilities in the Linux kernel. IBM has now addressed these vulnerabilities.
CVE(s): CVE-2018-10675, CVE-2018-7566, CVE-2017-13215
Affected product(s) and affected version(s): PowerKVM 3.1
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10870832
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/142895
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/141112
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/137560
IBM Security Bulletin: Apache Commons FileUpload Vulnerability Can Affect IBM Sterling Order Management (CVE-2016-1000031)
Feb 14, 2019 9:00 am EST | High Severity
IBM Sterling Order Management uses Apache Commons FileUpload and is affected by some of the vulnerabilities that exist in Apache Commons FileUpload.
CVE(s): CVE-2016-1000031
Affected product(s) and affected version(s): IBM Sterling Selling and Fulfillment Foundation 9.1.0 through 10.0
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10870454
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/117957