Medium Severity

IBM Security Bulletin: IBM Integration Bus affected by WAS is susceptible to TLS downgrade if using FIPS and JVM property if using non WAS keystore/truststore


IBM Integration Bus ships with a version of the WSRR thin client that is susceptible to vulnerabilities which were reported and have been addressed.

CVE(s): CVE-2018-1719

Affected product(s) and affected version(s):

IBM Integration Bus V10.0.0.0 – V10.0.0.15
IBM Integration Bus V9.0.0.0 – V9.0.0.11

WebSphere Message Broker V8.0.0.0 – V8.0.0.9

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10794673
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/147292
